Windows Analysis Report
rliquida____odefaturadepagamento.exe

Overview

General Information

Sample name: rliquida____odefaturadepagamento.exe
Analysis ID: 1529044
MD5: 383574fcb2a1b030666cb7c3be603445
SHA1: 2fcf52b141d329798d4d9c6fc1c2b3326a8ccdc9
SHA256: b0a9e6a7deccda1f29e48f243f15e225f59e9fe11e7ce25f9433e3f8d233ad6c
Tags: exe, user-Porcupine

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • rliquida____odefaturadepagamento.exe (PID: 3200 cmdline: "C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe" MD5: 383574FCB2A1B030666CB7C3BE603445)
    • InstallUtil.exe (PID: 2448 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
      • cmd.exe (PID: 1292 cmdline: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • choice.exe (PID: 6428 cmdline: choice /C Y /N /D Y /T 3 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • Koerxmxvkh.exe (PID: 1440 cmdline: "C:\Users\user\AppData\Roaming\Koerxmxvkh.exe" MD5: 383574FCB2A1B030666CB7C3BE603445)
    • InstallUtil.exe (PID: 6644 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
      • cmd.exe (PID: 6540 cmdline: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 1488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • choice.exe (PID: 6160 cmdline: choice /C Y /N /D Y /T 3 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • Koerxmxvkh.exe (PID: 3168 cmdline: "C:\Users\user\AppData\Roaming\Koerxmxvkh.exe" MD5: 383574FCB2A1B030666CB7C3BE603445)
    • InstallUtil.exe (PID: 5028 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
      • cmd.exe (PID: 6480 cmdline: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 1440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • choice.exe (PID: 3148 cmdline: choice /C Y /N /D Y /T 3 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Username": "info@setarehatlaspars.com", "Password": "Set@reh1398", "Host": "webmail.setarehatlaspars.com", "Port": "587", "Version": "5.1"}
Source | Rule | Description | Author | Strings
00000003.00000002.2195287029.00000000041E8000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000003.00000002.2195287029.00000000041E8000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000003.00000002.2195287029.00000000041E8000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x15458:$a1: get_encryptedPassword
  • 0x15744:$a2: get_encryptedUsername
  • 0x15264:$a3: get_timePasswordChanged
  • 0x1535f:$a4: get_passwordField
  • 0x1546e:$a5: set_encryptedPassword
  • 0x16abe:$a7: get_logins
  • 0x16a21:$a10: KeyLoggerEventArgs
  • 0x1668c:$a11: KeyLoggerEventArgsEventHandler
00000003.00000002.2195287029.00000000041E8000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen
  • 0x18d9c:$x1: $%SMTPDV$
  • 0x18e02:$x2: $#TheHashHere%&
  • 0x1a50b:$x3: %FTPDV$
  • 0x1a5ff:$x4: $%TelegramDv$
  • 0x1668c:$x5: KeyLoggerEventArgs
  • 0x16a21:$x5: KeyLoggerEventArgs
  • 0x1a52f:$m2: Clipboard Logs ID
  • 0x1a74f:$m2: Screenshot Logs ID
  • 0x1a85f:$m2: keystroke Logs ID
  • 0x1ab39:$m3: SnakePW
  • 0x1a727:$m4: \SnakeKeylogger\
00000006.00000002.2266200449.0000000003499000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security

Source | Rule | Description | Author | Strings
0.2.rliquida____odefaturadepagamento.exe.5790000.9.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
2.2.InstallUtil.exe.700000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
2.2.InstallUtil.exe.700000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
2.2.InstallUtil.exe.700000.0.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
2.2.InstallUtil.exe.700000.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x14a58:$a1: get_encryptedPassword
  • 0x14d44:$a2: get_encryptedUsername
  • 0x14864:$a3: get_timePasswordChanged
  • 0x1495f:$a4: get_passwordField
  • 0x14a6e:$a5: set_encryptedPassword
  • 0x160be:$a7: get_logins
  • 0x16021:$a10: KeyLoggerEventArgs
  • 0x15c8c:$a11: KeyLoggerEventArgsEventHandler

                System Summary

                Source: Registry Key set
                Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
                Data: Details: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, ProcessId: 3200, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Koerxmxvkh
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-10-08T15:44:54.971771+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 188.114.96.3 | 443 | TCP
                2024-10-08T15:44:56.477684+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49708 | 188.114.96.3 | 443 | TCP
                2024-10-08T15:45:16.214292+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49743 | 188.114.96.3 | 443 | TCP
                2024-10-08T15:45:16.885099+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49748 | 188.114.96.3 | 443 | TCP
                2024-10-08T15:45:22.678325+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49785 | 188.114.96.3 | 443 | TCP
                2024-10-08T15:45:23.775616+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49796 | 188.114.96.3 | 443 | TCP
                2024-10-08T15:45:31.637943+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49853 | 188.114.96.3 | 443 | TCP
                2024-10-08T15:45:31.812166+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49855 | 188.114.96.3 | 443 | TCP
                2024-10-08T15:45:35.899895+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49876 | 188.114.96.3 | 443 | TCP

                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-10-08T15:44:53.271736+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 132.226.8.169 | 80 | TCP
                2024-10-08T15:44:54.412161+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 132.226.8.169 | 80 | TCP
                2024-10-08T15:44:55.896514+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49707 | 132.226.8.169 | 80 | TCP
                2024-10-08T15:44:57.412233+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49709 | 132.226.8.169 | 80 | TCP
                2024-10-08T15:45:13.209011+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49714 | 132.226.8.169 | 80 | TCP
                2024-10-08T15:45:16.215883+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49714 | 132.226.8.169 | 80 | TCP
                2024-10-08T15:45:21.834009+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49742 | 132.226.8.169 | 80 | TCP
                2024-10-08T15:45:23.130920+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49742 | 132.226.8.169 | 80 | TCP
                2024-10-08T15:45:25.381017+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49754 | 132.226.8.169 | 80 | TCP
                2024-10-08T15:45:28.255945+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49801 | 132.226.8.169 | 80 | TCP

                AV Detection

                Source: 00000002.00000002.2355015844.0000000000702000.00000040.00000400.00020000.00000000.sdmp, Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "info@setarehatlaspars.com", "Password": "Set@reh1398", "Host": "webmail.setarehatlaspars.com", "Port": "587", "Version": "5.1"}
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, ReversingLabs: Detection: 26%
                Source: rliquida____odefaturadepagamento.exe, ReversingLabs: Detection: 26%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Joe Sandbox ML: detected
                Source: rliquida____odefaturadepagamento.exe, Joe Sandbox ML: detected

                Location Tracking

                Source: unknown, DNS query: name: reallyfreegeoip.org
                Source: rliquida____odefaturadepagamento.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49705 version: TLS 1.0
                Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49739 version: TLS 1.0
                Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49786 version: TLS 1.0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log
                Source: rliquida____odefaturadepagamento.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2064357881.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.0000000004029000.00000004.00000800.00020000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2044343749.0000000003398000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2195287029.0000000004170000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2177753295.00000000032E5000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2195287029.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000006.00000002.2266200449.0000000003705000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000006.00000002.2290932961.0000000004457000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2064357881.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.0000000004029000.00000004.00000800.00020000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2044343749.0000000003398000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2195287029.0000000004170000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2177753295.00000000032E5000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2195287029.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000006.00000002.2266200449.0000000003705000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000006.00000002.2290932961.0000000004457000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2063179296.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.0000000004029000.00000004.00000800.00020000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2063179296.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.0000000004029000.00000004.00000800.00020000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp

                Networking

                Source: Yara match, File source: 2.2.InstallUtil.exe.700000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.rliquida____odefaturadepagamento.exe.41da780.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.Koerxmxvkh.exe.41e8a00.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.raw.unpack, type: UNPACKEDPE
                Source: global traffic, HTTP traffic detected:
                  GET /xml/8.46.123.33 HTTP/1.1
                  Host: reallyfreegeoip.org
                  Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected:
                  GET /xml/8.46.123.33 HTTP/1.1
                  Host: reallyfreegeoip.org
                Source: Joe Sandbox View, IP Address: 132.226.8.169
                Source: Joe Sandbox View, IP Address: 188.114.96.3
                Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
                Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                Source: unknown, DNS query: name: checkip.dyndns.org
                Source: unknown, DNS query: name: reallyfreegeoip.org
                Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49709 -> 132.226.8.169:80
                Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49707 -> 132.226.8.169:80
                Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49742 -> 132.226.8.169:80
                Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49801 -> 132.226.8.169:80
                Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49714 -> 132.226.8.169:80
                Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49704 -> 132.226.8.169:80
                Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49754 -> 132.226.8.169:80
                Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49708 -> 188.114.96.3:443
                Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49706 -> 188.114.96.3:443
                Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49748 -> 188.114.96.3:443
                Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49785 -> 188.114.96.3:443
                Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49743 -> 188.114.96.3:443
                Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49796 -> 188.114.96.3:443
                Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49853 -> 188.114.96.3:443
                Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49855 -> 188.114.96.3:443
                Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49876 -> 188.114.96.3:443
                Source: global traffic, HTTP traffic detected:
                  GET / HTTP/1.1
                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                  Host: checkip.dyndns.org
                  Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected:
                  GET / HTTP/1.1
                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                  Host: checkip.dyndns.org
                Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49705 version: TLS 1.0
                Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49739 version: TLS 1.0
                Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49786 version: TLS 1.0
                Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
                Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
                Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
                Source: InstallUtil.exe (memory dumps) String found in binary or memory: http://checkip.dyndns.com
                Source: InstallUtil.exe (memory dumps) String found in binary or memory: http://checkip.dyndns.org
                Source: InstallUtil.exe (memory dumps) String found in binary or memory: http://checkip.dyndns.org/
                Source: InstallUtil.exe (memory dumps) String found in binary or memory: http://checkip.dyndns.org/0
                Source: rliquida____odefaturadepagamento.exe, InstallUtil.exe, Koerxmxvkh.exe (memory dumps) String found in binary or memory: http://checkip.dyndns.org/q
                Source: InstallUtil.exe (memory dumps) String found in binary or memory: http://reallyfreegeoip.org
                Source: rliquida____odefaturadepagamento.exe, InstallUtil.exe, Koerxmxvkh.exe (memory dumps) String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: rliquida____odefaturadepagamento.exe (memory dumps) String found in binary or memory: https://github.com/mgravell/protobuf-net
                Source: rliquida____odefaturadepagamento.exe, Koerxmxvkh.exe (memory dumps) String found in binary or memory: https://github.com/mgravell/protobuf-netJ
                Source: rliquida____odefaturadepagamento.exe (memory dumps) String found in binary or memory: https://github.com/mgravell/protobuf-neti
                Source: InstallUtil.exe (memory dumps) String found in binary or memory: https://reallyfreegeoip.org
                Source: rliquida____odefaturadepagamento.exe, InstallUtil.exe, Koerxmxvkh.exe (memory dumps) String found in binary or memory: https://reallyfreegeoip.org/xml/
                Source: InstallUtil.exe (memory dumps) String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
                Source: InstallUtil.exe (memory dumps) String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$
                Source: rliquida____odefaturadepagamento.exe (memory dumps) String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                Source: rliquida____odefaturadepagamento.exe, Koerxmxvkh.exe (memory dumps) String found in binary or memory: https://stackoverflow.com/q/14436606/23354
                Source: rliquida____odefaturadepagamento.exe (memory dumps) String found in binary or memory: https://stackoverflow.com/q/2152978/23354

                System Summary

                Source: 2.2.InstallUtil.exe.700000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 2.2.InstallUtil.exe.700000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                Source: 2.2.InstallUtil.exe.700000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                Source: 2.2.InstallUtil.exe.700000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 0.2.rliquida____odefaturadepagamento.exe.41da780.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 0.2.rliquida____odefaturadepagamento.exe.41da780.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                Source: 0.2.rliquida____odefaturadepagamento.exe.41da780.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                Source: 0.2.rliquida____odefaturadepagamento.exe.41da780.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000003.00000002.2195287029.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 00000003.00000002.2195287029.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000003.00000002.2177753295.0000000003366000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000006.00000002.2266200449.0000000003786000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000002.00000002.2355015844.0000000000702000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 00000002.00000002.2355015844.0000000000702000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000003.00000002.2195287029.0000000004024000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 00000003.00000002.2195287029.0000000004024000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000000.00000002.2060230016.000000000429E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 00000000.00000002.2060230016.000000000429E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000006.00000002.2290932961.00000000044B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 00000006.00000002.2290932961.00000000044B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000000.00000002.2044343749.0000000003021000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: Process Memory Space: rliquida____odefaturadepagamento.exe PID: 3200, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: Process Memory Space: rliquida____odefaturadepagamento.exe PID: 3200, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: Process Memory Space: InstallUtil.exe PID: 2448, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: Process Memory Space: InstallUtil.exe PID: 2448, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: Process Memory Space: Koerxmxvkh.exe PID: 1440, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: Process Memory Space: Koerxmxvkh.exe PID: 1440, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: Process Memory Space: Koerxmxvkh.exe PID: 3168, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: Process Memory Space: Koerxmxvkh.exe PID: 3168, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_05864700 NtResumeThread,0_2_05864700
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_05863250 NtProtectVirtualMemory,0_2_05863250
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_058646F9 NtResumeThread,0_2_058646F9
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_05863249 NtProtectVirtualMemory,0_2_05863249
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_058C4700 NtResumeThread,3_2_058C4700
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_058C3250 NtProtectVirtualMemory,3_2_058C3250
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_058C46F9 NtResumeThread,3_2_058C46F9
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_058C3249 NtProtectVirtualMemory,3_2_058C3249
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 6_2_059B4700 NtResumeThread,6_2_059B4700
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 6_2_059B3250 NtProtectVirtualMemory,6_2_059B3250
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 6_2_059B46F8 NtResumeThread,6_2_059B46F8
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 6_2_059B3249 NtProtectVirtualMemory,6_2_059B3249
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2064357881.0000000005A40000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2063179296.00000000057F0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2062593680.0000000005690000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenamePkfbundhp.dll" vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2044343749.0000000003021000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2044343749.0000000003021000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.000000000429E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePkfbundhp.dll" vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.0000000004029000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.0000000004029000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2041283011.000000000121E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000000.2029036205.00000000009F2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameLzstsk.exe. vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2044343749.0000000003398000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe Binary or memory string: OriginalFilenameLzstsk.exe. vs rliquida____odefaturadepagamento.exe
                Source: rliquida____odefaturadepagamento.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                Source: 2.2.InstallUtil.exe.700000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 2.2.InstallUtil.exe.700000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.InstallUtil.exe.700000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 2.2.InstallUtil.exe.700000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.rliquida____odefaturadepagamento.exe.41da780.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.rliquida____odefaturadepagamento.exe.41da780.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.rliquida____odefaturadepagamento.exe.41da780.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.rliquida____odefaturadepagamento.exe.41da780.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.rliquida____odefaturadepagamento.exe.42209c0.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 3.2.Koerxmxvkh.exe.41e8a00.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000003.00000002.2195287029.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000003.00000002.2195287029.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000003.00000002.2177753295.0000000003366000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000006.00000002.2266200449.0000000003786000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000002.00000002.2355015844.0000000000702000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000002.00000002.2355015844.0000000000702000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000003.00000002.2195287029.0000000004024000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000003.00000002.2195287029.0000000004024000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000000.00000002.2060230016.000000000429E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.2060230016.000000000429E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000006.00000002.2290932961.00000000044B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000006.00000002.2290932961.00000000044B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000000.00000002.2044343749.0000000003021000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: rliquida____odefaturadepagamento.exe PID: 3200, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: rliquida____odefaturadepagamento.exe PID: 3200, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: InstallUtil.exe PID: 2448, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: InstallUtil.exe PID: 2448, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: Koerxmxvkh.exe PID: 1440, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: Koerxmxvkh.exe PID: 1440, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: Koerxmxvkh.exe PID: 3168, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: Koerxmxvkh.exe PID: 3168, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: rliquida____odefaturadepagamento.exe, InfoClassRule.cs Cryptographic APIs: 'CreateDecryptor'
                Source: 0.2.rliquida____odefaturadepagamento.exe.42c79e0.3.raw.unpack, XZqr3KxXrV2Z3s67Q8Y.cs Cryptographic APIs: 'CreateDecryptor'
                Source: rliquida____odefaturadepagamento.exe, TaskInitializer.cs Task registration methods: 'CreateVisitor', 'CreateParser', 'RegisterVisitor'
                Source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                Source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                Source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
                Source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, TaskService.cs Task registration methods: 'CreateFromToken'
                Source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                Source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                Source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                Source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                Source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                Source: classification engine Classification label: mal100.troj.evad.winEXE@24/3@2/2
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe File created: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2072:120:WilError_03
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Mutant created: NULL
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1440:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1488:120:WilError_03
                Source: rliquida____odefaturadepagamento.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: rliquida____odefaturadepagamento.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: rliquida____odefaturadepagamento.exe ReversingLabs: Detection: 26%
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe File read: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe
                Source: unknown Process created: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe "C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe"
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: unknown Process created: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe "C:\Users\user\AppData\Roaming\Koerxmxvkh.exe"
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: unknown Process created: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe "C:\Users\user\AppData\Roaming\Koerxmxvkh.exe"
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /C Y /N /D Y /T 3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /C Y /N /D Y /T 3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /C Y /N /D Y /T 3
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Section loaded: ntmarta.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: mscoree.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: version.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: propsys.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: edputil.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: urlmon.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iertutil.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: srvcli.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: netutils.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.staterepositoryps.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: appresolver.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: bcp47langs.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: slc.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sppc.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: onecorecommonproxystub.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: rliquida____odefaturadepagamento.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: rliquida____odefaturadepagamento.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                Source: rliquida____odefaturadepagamento.exeStatic file information: File size 2386432 > 1048576
                Source: rliquida____odefaturadepagamento.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x246000
                Source: rliquida____odefaturadepagamento.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2064357881.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.0000000004029000.00000004.00000800.00020000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2044343749.0000000003398000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2195287029.0000000004170000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2177753295.00000000032E5000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2195287029.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000006.00000002.2266200449.0000000003705000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000006.00000002.2290932961.0000000004457000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2064357881.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.0000000004029000.00000004.00000800.00020000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2044343749.0000000003398000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2195287029.0000000004170000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2177753295.00000000032E5000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2195287029.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000006.00000002.2266200449.0000000003705000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000006.00000002.2290932961.0000000004457000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2063179296.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.0000000004029000.00000004.00000800.00020000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2063179296.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.0000000004029000.00000004.00000800.00020000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.rliquida____odefaturadepagamento.exe.42c79e0.3.raw.unpack, XZqr3KxXrV2Z3s67Q8Y.cs.Net Code: Type.GetTypeFromHandle(yM8CUWipG5bB0IVpVFZ.SKTsr45snK(16777265)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(yM8CUWipG5bB0IVpVFZ.SKTsr45snK(16777259)),Type.GetTypeFromHandle(yM8CUWipG5bB0IVpVFZ.SKTsr45snK(16777263))})
                Source: rliquida____odefaturadepagamento.exe, StateClass.cs.Net Code: VisitStub System.AppDomain.Load(byte[])
                Source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                Source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                Source: Yara matchFile source: 0.2.rliquida____odefaturadepagamento.exe.5790000.9.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.rliquida____odefaturadepagamento.exe.4105d20.6.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.rliquida____odefaturadepagamento.exe.4029550.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.2266200449.0000000003499000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2063013108.0000000005790000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2060230016.0000000004029000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2044343749.0000000003021000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.2177753295.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: rliquida____odefaturadepagamento.exe PID: 3200, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: Koerxmxvkh.exe PID: 1440, type: MEMORYSTR
                Source: Yara match, File source: Process Memory Space: Koerxmxvkh.exe PID: 3168, type: MEMORYSTR
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_02E1601F push ss; iretd 0_2_02E16036
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_02E17610 push eax; ret 0_2_02E17611
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_05500D13 push eax; iretd 0_2_05500D1D
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_05502FE0 pushad ; retf 0_2_05503031
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_05502FE2 pushad ; retf 0_2_05503031
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_05786E2C push E8055232h; retf 0_2_05786E31
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_05788278 pushad ; iretd 0_2_05788279
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_0578827A push eax; iretd 0_2_05788281
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_0585A790 pushfd ; iretd 0_2_0585A791
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_0585A710 push esp; iretd 0_2_0585A711
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_058731F4 push ebp; iretd 0_2_058731FB
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_0587322F push ds; iretd 0_2_05873232
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Code function: 0_2_05BD2035 push ebp; ret 0_2_05BD2038
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Code function: 2_2_04ACACDF push dword ptr [ebp+ebx-75h]; iretd 2_2_04ACACAD
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_01427610 push eax; ret 3_2_01427611
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_057E6E2C push E8057832h; retf 3_2_057E6E31
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_057E827A push eax; iretd 3_2_057E8281
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_057E8278 pushad ; iretd 3_2_057E8279
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_058B4810 push esp; retf 3_2_058B481D
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_058BA790 pushfd ; iretd 3_2_058BA791
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_058BA710 push esp; iretd 3_2_058BA711
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_058D31F4 push ebp; iretd 3_2_058D31FB
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_058D322F push ds; iretd 3_2_058D3232
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_05960718 pushfd ; ret 3_2_05960725
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_05C315B5 push ss; ret 3_2_05C315C8
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 3_2_05C32035 push ebp; ret 3_2_05C32038
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 6_2_019E601F push ss; iretd 6_2_019E6036
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 6_2_019E7610 push eax; ret 6_2_019E7611
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 6_2_05986E2C push E8058E32h; retf 6_2_05986E31
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 6_2_05988278 pushad ; iretd 6_2_05988279
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Code function: 6_2_0598827A push eax; iretd 6_2_05988281
                Source: 0.2.rliquida____odefaturadepagamento.exe.5690000.8.raw.unpack, tqPNnXvyZl5mgsjm3ri.cs, High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'JPgvCn1scf', 'NtProtectVirtualMemory', 'XQM3wrFXsIvNwYQqwOt', 'AgvDU7FHLa2c7V9R2YA', 'OvdjiXFruLhQS6wj9Bh', 'Sp28aFFguwFhJgHRZJM'
                Source: 0.2.rliquida____odefaturadepagamento.exe.42c79e0.3.raw.unpack, AssemblyLoader.cs, High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'lwZuSfrRxHaDYHY3o6T'
                Source: 0.2.rliquida____odefaturadepagamento.exe.42c79e0.3.raw.unpack, tqPNnXvyZl5mgsjm3ri.cs, High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'JPgvCn1scf', 'NtProtectVirtualMemory', 'XQM3wrFXsIvNwYQqwOt', 'AgvDU7FHLa2c7V9R2YA', 'OvdjiXFruLhQS6wj9Bh', 'Sp28aFFguwFhJgHRZJM'
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, File created: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Koerxmxvkh
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: rliquida____odefaturadepagamento.exe PID: 3200, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: Koerxmxvkh.exe PID: 1440, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: Koerxmxvkh.exe PID: 3168, type: MEMORYSTR
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2044343749.0000000003021000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000003.00000002.2177753295.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, Koerxmxvkh.exe, 00000006.00000002.2266200449.0000000003469000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Memory allocated: 2D70000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Memory allocated: 3020000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Memory allocated: 2D70000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2480000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2640000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2480000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory allocated: 13E0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory allocated: 2F70000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory allocated: 2E70000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2A20000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2BD0000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4BD0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory allocated: 19A0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory allocated: 3400000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory allocated: 3300000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 21D0000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2390000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4390000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 600000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599891
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599782
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599657
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599532
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599419
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599312
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599158
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598963
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598810
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598672
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598544
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598434
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598328
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598219
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598094
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597985
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597860
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597735
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597610
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597485
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597360
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597235
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597110
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596985
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596860
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596735
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596610
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596485
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596328
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596218
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596028
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595922
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595813
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595703
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595594
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595485
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595360
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595235
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595110
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 594985
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 594860
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 594735
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 594610
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 594485
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 594360
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 594235
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 594110
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 593985
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 593860
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 593735
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 593578
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 600000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599889
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599778
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599672
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599563
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599438
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599313
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599188
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599063
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598953
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598844
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598719
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598610
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598485
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598360
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598235
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598110
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597985
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597860
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597735
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597610
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597485
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597360
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597235Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597110Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596985Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596860Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596735Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596610Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596485Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596360Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596235Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596110Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595985Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595860Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595735Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595610Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595485Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595360Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595235Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595110Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594985Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594860Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594735Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594610Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594485Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594360Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594235Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594094Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593969Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599891
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599657
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599532
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599407
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599297
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599188
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599063
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598938
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598813
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598688
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598579
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598454
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598329
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598204
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598079
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597954
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597829
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597704
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597579
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597454
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597329
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597204
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597079
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596954
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596829
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596704
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596579
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596454
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596329
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596204
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596079
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595954
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595841
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595719
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595609
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595391
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595282
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595157
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595047
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594938
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594813
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594688
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594563
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594438
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594329
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594204
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594079
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Window / User API: threadDelayed 1937
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Window / User API: threadDelayed 7870
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Window / User API: threadDelayed 1635
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Window / User API: threadDelayed 8177
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Window / User API: threadDelayed 1350
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Window / User API: threadDelayed 8482
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -595954s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -595841s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -595719s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -595609s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -595500s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -595391s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -595282s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -595157s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -595047s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -594938s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -594813s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -594688s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -594563s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -594438s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -594329s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -594204s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1200Thread sleep time: -594079s >= -30000s
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 600000
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2062593680.0000000005690000.00000004.08000000.00040000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.000000000429E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: qgq9DW4BxccO5hGFSVY
                Source: Koerxmxvkh.exe, 00000006.00000002.2266200449.0000000003469000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                Source: Koerxmxvkh.exe, 00000006.00000002.2266200449.0000000003469000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                Source: rliquida____odefaturadepagamento.exe, 00000000.00000002.2062593680.0000000005690000.00000004.08000000.00040000.00000000.sdmp, rliquida____odefaturadepagamento.exe, 00000000.00000002.2060230016.000000000429E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: lZL6iqEmuJH4919sTrt
                Source: InstallUtil.exe, 00000004.00000002.2551692207.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: InstallUtil.exe, 00000002.00000002.2355582772.00000000007B9000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2545853268.0000000000669000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 700000 value starts with: 4D5A
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 150000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 700000
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 702000
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 722000
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 724000
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 48F008
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 422000
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 424000
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: A6B008
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 150000
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 152000
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 172000
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 174000
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 2F2008
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /C Y /N /D Y /T 3
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Queries volume information: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe VolumeInformation
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Queries volume information: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeQueries volume information: C:\Users\user\AppData\Roaming\Koerxmxvkh.exe VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\Koerxmxvkh.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\rliquida____odefaturadepagamento.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                Source: Yara match; File source: Process Memory Space: rliquida____odefaturadepagamento.exe PID: 3200, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 2448, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: Koerxmxvkh.exe PID: 1440, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 6644, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: Koerxmxvkh.exe PID: 3168, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 5028, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match; File source: Process Memory Space: rliquida____odefaturadepagamento.exe PID: 3200, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 2448, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: Koerxmxvkh.exe PID: 1440, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 6644, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: Koerxmxvkh.exe PID: 3168, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 5028, type: MEMORYSTR

                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 211 Process Injection | 1 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 211 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | 12 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                [Behavior graph (image not reproduced). Behavior Graph ID: 1529044; Sample: rliquida____odefaturadepaga...; Startdate: 08/10/2024; Architecture: WINDOWS; Score: 100]

                Source | Detection | Scanner | Label | Link
                rliquida____odefaturadepagamento.exe | 26% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
                rliquida____odefaturadepagamento.exe | 100% | Joe Sandbox ML | |

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Roaming\Koerxmxvkh.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Roaming\Koerxmxvkh.exe | 26% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |

                No Antivirus matches
                No Antivirus matches

                Source | Detection | Scanner | Label | Link
                http://checkip.dyndns.org/ | 0% | URL Reputation | safe |
                https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe |
                https://reallyfreegeoip.org/xml/8.46.123.33$ | 0% | URL Reputation | safe |
                https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe |
                https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe |
                http://checkip.dyndns.org/q | 0% | URL Reputation | safe |
                http://reallyfreegeoip.org | 0% | URL Reputation | safe |
                https://reallyfreegeoip.org | 0% | URL Reputation | safe |
                http://checkip.dyndns.org | 0% | URL Reputation | safe |
                http://checkip.dyndns.com | 0% | URL Reputation | safe |
                https://reallyfreegeoip.org/xml/8.46.123.33 | 0% | URL Reputation | safe |
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                https://reallyfreegeoip.org/xml/ | 0% | URL Reputation | safe |

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                reallyfreegeoip.org | 188.114.96.3 | true | true | | unknown
                checkip.dyndns.com | 132.226.8.169 | true | false | | unknown
                checkip.dyndns.org | unknown | unknown | true | | unknown

                Name | Malicious | Antivirus Detection | Reputation
                http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
                https://reallyfreegeoip.org/xml/8.46.123.33 | false | URL Reputation: safe | unknown

                Name | Source | Malicious | Antivirus Detection | Reputation
                https://github.com/mgravell/protobuf-neti | rliquida____odefaturadepagamento.exe | false | | unknown
                https://stackoverflow.com/q/14436606/23354 | rliquida____odefaturadepagamento.exe, Koerxmxvkh.exe | false | URL Reputation: safe | unknown
                https://github.com/mgravell/protobuf-netJ | rliquida____odefaturadepagamento.exe, Koerxmxvkh.exe | false | | unknown
                https://reallyfreegeoip.org/xml/8.46.123.33$ | InstallUtil.exe | false | URL Reputation: safe | unknown
                https://stackoverflow.com/q/11564914/23354; | rliquida____odefaturadepagamento.exe | false | URL Reputation: safe | unknown
                https://stackoverflow.com/q/2152978/23354 | rliquida____odefaturadepagamento.exe | false | URL Reputation: safe | unknown
                http://checkip.dyndns.org/0 | InstallUtil.exe | false | | unknown
                http://checkip.dyndns.org/q | rliquida____odefaturadepagamento.exe, InstallUtil.exe, Koerxmxvkh.exe | false | URL Reputation: safe | unknown
                http://reallyfreegeoip.org | InstallUtil.exe | false | URL Reputation: safe | unknown
                https://github.com/mgravell/protobuf-net | rliquida____odefaturadepagamento.exe | false | | unknown
                https://reallyfreegeoip.org | InstallUtil.exe | false | URL Reputation: safe | unknown
                              http://checkip.dyndns.org (Malicious: false)
                              • URL Reputation: safe
                              unknown
                              http://checkip.dyndns.com (Malicious: false)
                              • URL Reputation: safe
                              unknown
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name (Malicious: false)
                              • URL Reputation: safe
                              unknown
                              https://reallyfreegeoip.org/xml/ (Malicious: false)
                              • URL Reputation: safe
                              unknown
                              IP | Domain | Country | ASN | ASN Name | Malicious
                              132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
                              188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true
                              Joe Sandbox version:41.0.0 Charoite
                              Analysis ID:1529044
                              Start date and time:2024-10-08 15:44:00 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 8m 15s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:18
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:rliquida____odefaturadepagamento.exe
                              Detection:MAL
                              Classification:mal100.troj.evad.winEXE@24/3@2/2
                              EGA Information:
                              • Successful, ratio: 50%
                              HCA Information:
                              • Successful, ratio: 96%
                              • Number of executed functions: 495
                              • Number of non-executed functions: 36
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                              • Excluded domains from analysis (whitelisted): d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                              • Execution Graph export aborted for target InstallUtil.exe, PID 2448 because it is empty
                              • Execution Graph export aborted for target InstallUtil.exe, PID 5028 because it is empty
                              • Execution Graph export aborted for target InstallUtil.exe, PID 6644 because it is empty
                              • Not all processes were analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size exceeded maximum capacity and may have missing disassembly code.
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                              • VT rate limit hit for: rliquida____odefaturadepagamento.exe
                              Time | Type | Description
                              09:44:53 | API Interceptor | 599x Sleep call for process: InstallUtil.exe modified
                              15:44:54 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Koerxmxvkh C:\Users\user\AppData\Roaming\Koerxmxvkh.exe
                              15:45:03 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Koerxmxvkh C:\Users\user\AppData\Roaming\Koerxmxvkh.exe
                              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                              No context
                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1039
                              Entropy (8bit):5.353332853270839
                              Encrypted:false
                              SSDEEP:24:ML9E4KiE4Ko84qXKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKiHKoviYHKh3oPtHo6hAHKzeR
                              MD5:A4AF0F36EC4E0C69DC0F860C891E8BBE
                              SHA1:28DD81A1EDDF71CBCBF86DA986E047279EF097CD
                              SHA-256:B038D4342E4DD96217BD90CFE32581FCCB381C5C2E6FF257CD32854F840D1FDE
                              SHA-512:A675D3E9DB5BDD325A22E82C6BCDBD5409D7A34453DAAEB0E37206BE982C388547E1BDF22DC70393C69D0CE55635E2364502572C3AD2E6753A56A5C3893F6D69
                              Malicious:false
                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e
                              Process:C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):2386432
                              Entropy (8bit):7.075903643231651
                              Encrypted:false
                              SSDEEP:24576:XNw5wQb8vxzKM8LKbaxrNzlEUBFs6JYH2oDXPtJv55njhYzuyKpraS7FFX:XNQbNEaxrNzl5FYJLtpxwuyuF
                              MD5:383574FCB2A1B030666CB7C3BE603445
                              SHA1:2FCF52B141D329798D4D9C6FC1C2B3326A8CCDC9
                              SHA-256:B0A9E6A7DECCDA1F29E48F243F15E225F59E9FE11E7CE25F9433E3F8D233AD6C
                              SHA-512:92F6BBB31D94F72E3FDF1396270563647F22F853828658AB9843616CB2D534CE2B3081DF87BB2129BEE267CFA83F8AAA7DFAF447A8D104A6C89EF049A4562E8A
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 26%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y.g.................`$.........N.$.. ....$...@.. ........................$...........`...................................$.K.....$.`.....................$...................................................... ............... ..H............text...T_$.. ...`$................. ..`.rsrc...`.....$......b$.............@..@.reloc........$......h$.............@..B................0.$.....H............0......7.......&U...........................................*...(....*...(....*..(....*.0.......... '.......8........E(...v.......L...>.......m...<.......................?...........+...[...........;...}...............................q...........>.......P...].......................8q........YY#.......?..ZC(... ....~d...{5...:*...& ....8.......(....*....l[*8.... ....8....#........*......(....X.. ....8.......=.... ....~d...{L...:....& ....8.......X.. ....~d...{2...
                              Process:C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:modified
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:true
                              Preview:[ZoneTransfer]....ZoneId=0
                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Entropy (8bit):7.075903643231651
                              TrID:
                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                              • Win32 Executable (generic) a (10002005/4) 49.78%
                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                              • Win16/32 Executable Delphi generic (2074/23) 0.01%
                              • Generic Win/DOS Executable (2004/3) 0.01%
                              File name:rliquida____odefaturadepagamento.exe
                              File size:2'386'432 bytes
                              MD5:383574fcb2a1b030666cb7c3be603445
                              SHA1:2fcf52b141d329798d4d9c6fc1c2b3326a8ccdc9
                              SHA256:b0a9e6a7deccda1f29e48f243f15e225f59e9fe11e7ce25f9433e3f8d233ad6c
                              SHA512:92f6bbb31d94f72e3fdf1396270563647f22f853828658ab9843616cb2d534ce2b3081df87bb2129bee267cfa83f8aaa7dfaf447a8d104a6c89ef049a4562e8a
                              SSDEEP:24576:XNw5wQb8vxzKM8LKbaxrNzlEUBFs6JYH2oDXPtJv55njhYzuyKpraS7FFX:XNQbNEaxrNzl5FYJLtpxwuyuF
                              TLSH:B5B55997B94BB8F1C2BE877AC58B5C284374D9412213FA1A74CE235625433B6FA49C4F
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y.g.................`$.........N.$.. ....$...@.. ........................$...........`................................
                              Icon Hash:00928e8e8686b000
                              Entrypoint:0x647f4e
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Time Stamp:0x670459A8 [Mon Oct 7 21:59:04 2024 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:4
                              OS Version Minor:0
                              File Version Major:4
                              File Version Minor:0
                              Subsystem Version Major:4
                              Subsystem Version Minor:0
                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                              Instruction
                              jmp dword ptr [00402000h]
                              Name                                  Virtual Address  Virtual Size  Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT          0x247f00         0x4b          .text
                              IMAGE_DIRECTORY_ENTRY_RESOURCE        0x248000         0x560         .rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC       0x24a000         0xc           .reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                              IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                              Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
                              .text   0x2000           0x245f54      0x246000  032da2284c522dc749a06ece67d5b1eb  unknown   unknown             unknown    unknown              IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rsrc   0x248000         0x560         0x600     00937d20e74e901c2c6dcf8449d515dc  False     0.4069010416666667  data       3.885797457433819    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc  0x24a000         0xc           0x200     fe26ab3a9d373bac486f33dd6f3fc549  False     0.044921875         data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                              Name         RVA       Size   Type                                                                                                        Language  Country  ZLIB Complexity
                              RT_VERSION   0x2480a0  0x30c  data                                                                                                                           0.42948717948717946
                              RT_MANIFEST  0x2483ac  0x1b4  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators                    0.5642201834862385
                              DLL          Import
                              mscoree.dll  _CorExeMain
                              Timestamp                        SID      Signature                                          Severity  Source IP    Source Port  Dest IP        Dest Port  Protocol
                              2024-10-08T15:44:53.271736+0200  2803274  ETPRO MALWARE Common Downloader Header Pattern UH  2         192.168.2.5  49704        132.226.8.169  80         TCP
                              2024-10-08T15:44:54.412161+0200  2803274  ETPRO MALWARE Common Downloader Header Pattern UH  2         192.168.2.5  49704        132.226.8.169  80         TCP
                              2024-10-08T15:44:54.971771+0200  2803305  ETPRO MALWARE Common Downloader Header Pattern H   3         192.168.2.5  49706        188.114.96.3   443        TCP
                              2024-10-08T15:44:55.896514+0200  2803274  ETPRO MALWARE Common Downloader Header Pattern UH  2         192.168.2.5  49707        132.226.8.169  80         TCP
                              2024-10-08T15:44:56.477684+0200  2803305  ETPRO MALWARE Common Downloader Header Pattern H   3         192.168.2.5  49708        188.114.96.3   443        TCP
                              2024-10-08T15:44:57.412233+0200  2803274  ETPRO MALWARE Common Downloader Header Pattern UH  2         192.168.2.5  49709        132.226.8.169  80         TCP
                              2024-10-08T15:45:13.209011+0200  2803274  ETPRO MALWARE Common Downloader Header Pattern UH  2         192.168.2.5  49714        132.226.8.169  80         TCP
                              2024-10-08T15:45:16.214292+0200  2803305  ETPRO MALWARE Common Downloader Header Pattern H   3         192.168.2.5  49743        188.114.96.3   443        TCP
                              2024-10-08T15:45:16.215883+0200  2803274  ETPRO MALWARE Common Downloader Header Pattern UH  2         192.168.2.5  49714        132.226.8.169  80         TCP
                              2024-10-08T15:45:16.885099+0200  2803305  ETPRO MALWARE Common Downloader Header Pattern H   3         192.168.2.5  49748        188.114.96.3   443        TCP
                              2024-10-08T15:45:21.834009+0200  2803274  ETPRO MALWARE Common Downloader Header Pattern UH  2         192.168.2.5  49742        132.226.8.169  80         TCP
                              2024-10-08T15:45:22.678325+0200  2803305  ETPRO MALWARE Common Downloader Header Pattern H   3         192.168.2.5  49785        188.114.96.3   443        TCP
                              2024-10-08T15:45:23.130920+0200  2803274  ETPRO MALWARE Common Downloader Header Pattern UH  2         192.168.2.5  49742        132.226.8.169  80         TCP
                              2024-10-08T15:45:23.775616+0200  2803305  ETPRO MALWARE Common Downloader Header Pattern H   3         192.168.2.5  49796        188.114.96.3   443        TCP
                              2024-10-08T15:45:25.381017+0200  2803274  ETPRO MALWARE Common Downloader Header Pattern UH  2         192.168.2.5  49754        132.226.8.169  80         TCP
                              2024-10-08T15:45:28.255945+0200  2803274  ETPRO MALWARE Common Downloader Header Pattern UH  2         192.168.2.5  49801        132.226.8.169  80         TCP
                              2024-10-08T15:45:31.637943+0200  2803305  ETPRO MALWARE Common Downloader Header Pattern H   3         192.168.2.5  49853        188.114.96.3   443        TCP
                              2024-10-08T15:45:31.812166+0200  2803305  ETPRO MALWARE Common Downloader Header Pattern H   3         192.168.2.5  49855        188.114.96.3   443        TCP
                              2024-10-08T15:45:35.899895+0200  2803305  ETPRO MALWARE Common Downloader Header Pattern H   3         192.168.2.5  49876        188.114.96.3   443        TCP
                              Timestamp  Source Port  Dest Port  Source IP  Dest IP
                              Oct 8, 2024 15:45:21.865480900 CEST4974980192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:22.526149035 CEST44349785188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:22.527648926 CEST49785443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:22.527682066 CEST44349785188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:22.528036118 CEST44349786188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:22.528111935 CEST49786443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:22.529421091 CEST49786443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:22.529433012 CEST44349786188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:22.529880047 CEST44349786188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:22.584060907 CEST49786443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:22.584662914 CEST49786443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:22.631400108 CEST44349786188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:22.678353071 CEST44349785188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:22.678462029 CEST44349785188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:22.678503990 CEST49785443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:22.678980112 CEST49785443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:22.714894056 CEST44349786188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:22.715012074 CEST44349786188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:22.715060949 CEST49786443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:22.717936993 CEST49786443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:22.723663092 CEST4974280192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:22.728818893 CEST8049742132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:22.853605032 CEST4970980192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:22.856106997 CEST4974980192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:23.084106922 CEST8049742132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:23.086924076 CEST49796443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:23.087019920 CEST44349796188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:23.087125063 CEST49796443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:23.087573051 CEST49796443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:23.087613106 CEST44349796188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:23.130919933 CEST4974280192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:23.618166924 CEST44349796188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:23.621099949 CEST49796443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:23.621121883 CEST44349796188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:23.775631905 CEST44349796188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:23.775712013 CEST44349796188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:23.775804996 CEST49796443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:23.776449919 CEST49796443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:23.779694080 CEST4974280192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:23.781202078 CEST4980180192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:23.785880089 CEST8049742132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:23.786184072 CEST8049801132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:23.786241055 CEST4974280192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:23.786286116 CEST4980180192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:23.786397934 CEST4980180192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:23.792021990 CEST8049801132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:25.331413031 CEST8049754132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:25.332925081 CEST49811443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:25.332974911 CEST44349811188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:25.333087921 CEST49811443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:25.333334923 CEST49811443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:25.333344936 CEST44349811188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:25.381016970 CEST4975480192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:25.815227985 CEST44349811188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:25.816870928 CEST49811443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:25.816894054 CEST44349811188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:25.964631081 CEST44349811188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:25.964723110 CEST44349811188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:25.964773893 CEST49811443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:25.965205908 CEST49811443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:25.970159054 CEST4981580192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:25.975394011 CEST8049815132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:25.975521088 CEST4981580192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:25.975568056 CEST4981580192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:25.980911016 CEST8049815132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:28.201869965 CEST8049801132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:28.203413963 CEST49829443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:28.203461885 CEST44349829188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:28.203552008 CEST49829443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:28.203819036 CEST49829443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:28.203830004 CEST44349829188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:28.255944967 CEST4980180192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:28.443628073 CEST8049815132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:28.444876909 CEST49832443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:28.444889069 CEST44349832188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:28.444951057 CEST49832443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:28.445153952 CEST49832443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:28.445163965 CEST44349832188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:28.490272999 CEST4981580192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:28.684390068 CEST44349829188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:28.686054945 CEST49829443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:28.686081886 CEST44349829188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:28.823422909 CEST44349829188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:28.823601007 CEST44349829188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:28.823648930 CEST49829443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:28.824112892 CEST49829443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:28.828617096 CEST4983580192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:28.834507942 CEST8049835132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:28.834575891 CEST4983580192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:28.834660053 CEST4983580192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:28.841098070 CEST8049835132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:28.915282011 CEST44349832188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:28.917062044 CEST49832443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:28.917082071 CEST44349832188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:29.063090086 CEST44349832188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:29.063338041 CEST44349832188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:29.063419104 CEST49832443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:29.063960075 CEST49832443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:29.067107916 CEST4981580192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:29.068319082 CEST4983780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:29.073333979 CEST8049815132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:29.073844910 CEST8049837132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:29.073885918 CEST4981580192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:29.073940039 CEST4983780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:29.074043989 CEST4983780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:29.079518080 CEST8049837132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:29.685384989 CEST8049835132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:29.690615892 CEST49842443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:29.690666914 CEST44349842188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:29.690731049 CEST49842443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:29.690985918 CEST49842443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:29.690996885 CEST44349842188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:29.740259886 CEST4983580192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:30.158505917 CEST44349842188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:30.160399914 CEST49842443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:30.160437107 CEST44349842188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:30.300667048 CEST44349842188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:30.300760031 CEST44349842188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:30.300815105 CEST49842443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:30.301317930 CEST49842443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:30.306265116 CEST4983580192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:30.308265924 CEST4984780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:30.311748028 CEST8049835132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:30.311829090 CEST4983580192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:30.313225031 CEST8049847132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:30.313304901 CEST4984780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:30.313405991 CEST4984780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:30.318613052 CEST8049847132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:30.968976021 CEST8049837132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:30.970314026 CEST49853443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:30.970364094 CEST44349853188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:30.970428944 CEST49853443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:30.970709085 CEST49853443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:30.970726967 CEST44349853188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:31.021517038 CEST4983780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:31.159667969 CEST8049847132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:31.160967112 CEST49855443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:31.161027908 CEST44349855188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:31.161226988 CEST49855443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:31.161386967 CEST49855443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:31.161401987 CEST44349855188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:31.209018946 CEST4984780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:31.447770119 CEST44349853188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:31.449348927 CEST49853443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:31.449376106 CEST44349853188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:31.637880087 CEST44349853188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:31.637979984 CEST44349853188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:31.638037920 CEST49853443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:31.638518095 CEST49853443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:31.641788960 CEST4983780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:31.642335892 CEST4985780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:31.647527933 CEST8049857132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:31.647543907 CEST8049837132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:31.647618055 CEST4983780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:31.647627115 CEST4985780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:31.647782087 CEST4985780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:31.649962902 CEST44349855188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:31.651349068 CEST49855443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:31.651379108 CEST44349855188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:31.652913094 CEST8049857132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:31.812222958 CEST44349855188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:31.812397957 CEST44349855188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:31.812511921 CEST49855443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:31.842771053 CEST49855443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:31.873465061 CEST4984780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:31.874068022 CEST4986180192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:31.878871918 CEST8049847132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:31.878942013 CEST4984780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:31.879194021 CEST8049861132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:31.879257917 CEST4986180192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:31.879394054 CEST4986180192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:31.885078907 CEST8049861132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:35.274210930 CEST8049861132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:35.274285078 CEST8049861132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:35.274362087 CEST4986180192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:35.275669098 CEST49876443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:35.275696039 CEST44349876188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:35.275764942 CEST49876443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:35.276058912 CEST49876443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:35.276073933 CEST44349876188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:35.756402969 CEST44349876188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:35.758114100 CEST49876443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:35.758161068 CEST44349876188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:35.860723019 CEST8049857132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:35.862088919 CEST49882443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:35.862175941 CEST44349882188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:35.862257004 CEST49882443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:35.862498045 CEST49882443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:35.862530947 CEST44349882188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:35.899910927 CEST44349876188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:35.900001049 CEST44349876188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:35.900058985 CEST49876443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:35.900506020 CEST49876443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:35.903723955 CEST4986180192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:35.904850006 CEST4988380192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:35.909482002 CEST8049861132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:35.909563065 CEST4986180192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:35.909992933 CEST8049883132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:35.910053968 CEST4988380192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:35.910197020 CEST4988380192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:35.912156105 CEST4985780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:35.916212082 CEST8049883132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:37.091499090 CEST44349882188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:37.093051910 CEST49882443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:37.093130112 CEST44349882188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:37.229465961 CEST44349882188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:37.229712963 CEST44349882188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:37.229937077 CEST49882443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:37.230452061 CEST49882443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:37.235472918 CEST5771680192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:37.235655069 CEST4985780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:37.240458965 CEST8057716132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:37.240541935 CEST5771680192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:37.240701914 CEST5771680192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:37.241178989 CEST8049857132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:37.241247892 CEST4985780192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:37.245592117 CEST8057716132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:37.672913074 CEST8049883132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:37.674451113 CEST57721443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:37.674503088 CEST44357721188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:37.674609900 CEST57721443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:37.674899101 CEST57721443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:37.674911022 CEST44357721188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:37.724683046 CEST4988380192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:38.158637047 CEST44357721188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:38.161257982 CEST57721443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:38.161286116 CEST44357721188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:38.304255962 CEST44357721188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:38.304496050 CEST44357721188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:38.304563046 CEST57721443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:38.305082083 CEST57721443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:38.308373928 CEST4988380192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:38.309412003 CEST5772680192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:38.313731909 CEST8049883132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:38.313793898 CEST4988380192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:38.314367056 CEST8057726132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:38.314451933 CEST5772680192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:38.314529896 CEST5772680192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:38.319458008 CEST8057726132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:40.010390997 CEST8057716132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:40.011881113 CEST57737443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:40.011921883 CEST44357737188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:40.011995077 CEST57737443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:40.012254000 CEST57737443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:40.012265921 CEST44357737188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:40.052851915 CEST5771680192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:40.479788065 CEST44357737188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:40.481379032 CEST57737443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:40.481410027 CEST44357737188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:40.633162022 CEST44357737188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:40.633249044 CEST44357737188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:40.633306026 CEST57737443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:40.633687973 CEST57737443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:40.636811018 CEST5771680192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:40.637861967 CEST5773980192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:40.642669916 CEST8057716132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:40.642739058 CEST5771680192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:40.643116951 CEST8057739132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:40.643188000 CEST5773980192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:40.643275023 CEST5773980192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:40.648624897 CEST8057739132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:41.145297050 CEST8057726132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:41.146780968 CEST57744443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:41.146830082 CEST44357744188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:41.147020102 CEST57744443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:41.147357941 CEST57744443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:41.147376060 CEST44357744188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:41.193417072 CEST5772680192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:41.472799063 CEST8057739132.226.8.169192.168.2.5
                              Oct 8, 2024 15:45:41.474065065 CEST57746443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:41.474096060 CEST44357746188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:41.474179029 CEST57746443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:41.474458933 CEST57746443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:41.474467993 CEST44357746188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:41.521519899 CEST5773980192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:41.612525940 CEST44357744188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:41.614141941 CEST57744443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:41.614176035 CEST44357744188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:41.737226009 CEST44357744188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:41.737315893 CEST44357744188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:41.737374067 CEST57744443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:41.737874031 CEST57744443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:41.878973961 CEST5772680192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:41.879033089 CEST4980180192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:41.940109015 CEST44357746188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:41.941953897 CEST57746443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:41.941983938 CEST44357746188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:42.278331041 CEST44357746188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:42.278570890 CEST44357746188.114.96.3192.168.2.5
                              Oct 8, 2024 15:45:42.278628111 CEST57746443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:42.279135942 CEST57746443192.168.2.5188.114.96.3
                              Oct 8, 2024 15:45:42.470866919 CEST5773980192.168.2.5132.226.8.169
                              Oct 8, 2024 15:45:42.470925093 CEST4975480192.168.2.5132.226.8.169
                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Oct 8, 2024 15:44:51.801248074 CEST | 49756 | 53 | 192.168.2.5 | 1.1.1.1
                              Oct 8, 2024 15:44:51.808552027 CEST | 53 | 49756 | 1.1.1.1 | 192.168.2.5
                              Oct 8, 2024 15:44:53.257303953 CEST | 65298 | 53 | 192.168.2.5 | 1.1.1.1
                              Oct 8, 2024 15:44:53.265292883 CEST | 53 | 65298 | 1.1.1.1 | 192.168.2.5
                              Oct 8, 2024 15:45:35.920356035 CEST | 53 | 63402 | 162.159.36.2 | 192.168.2.5
                              Oct 8, 2024 15:45:37.135909081 CEST | 53 | 63789 | 1.1.1.1 | 192.168.2.5
                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                              Oct 8, 2024 15:44:51.801248074 CEST | 192.168.2.5 | 1.1.1.1 | 0x22ac | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
                              Oct 8, 2024 15:44:53.257303953 CEST | 192.168.2.5 | 1.1.1.1 | 0x2c18 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              Oct 8, 2024 15:44:51.808552027 CEST | 1.1.1.1 | 192.168.2.5 | 0x22ac | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
                              Oct 8, 2024 15:44:51.808552027 CEST | 1.1.1.1 | 192.168.2.5 | 0x22ac | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
                              Oct 8, 2024 15:44:51.808552027 CEST | 1.1.1.1 | 192.168.2.5 | 0x22ac | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
                              Oct 8, 2024 15:44:51.808552027 CEST | 1.1.1.1 | 192.168.2.5 | 0x22ac | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
                              Oct 8, 2024 15:44:51.808552027 CEST | 1.1.1.1 | 192.168.2.5 | 0x22ac | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
                              Oct 8, 2024 15:44:51.808552027 CEST | 1.1.1.1 | 192.168.2.5 | 0x22ac | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
                              Oct 8, 2024 15:44:53.265292883 CEST | 1.1.1.1 | 192.168.2.5 | 0x2c18 | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                              Oct 8, 2024 15:44:53.265292883 CEST | 1.1.1.1 | 192.168.2.5 | 0x2c18 | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                              • reallyfreegeoip.org
                              • checkip.dyndns.org
                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.5 | 49704 | 132.226.8.169 | 80 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:44:51.835316896 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:44:52.703668118 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:44:52 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:44:52.779891968 CEST | 127 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Oct 8, 2024 15:44:53.219773054 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:44:52 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:44:54.057854891 CEST | 127 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Oct 8, 2024 15:44:54.364952087 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:44:54 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.5 | 49707 | 132.226.8.169 | 80 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:44:54.988102913 CEST | 127 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Oct 8, 2024 15:44:55.853249073 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:44:55 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.5 | 49709 | 132.226.8.169 | 80 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:44:56.488917112 CEST | 127 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Oct 8, 2024 15:44:57.359774113 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:44:57 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              3 | 192.168.2.5 | 49711 | 132.226.8.169 | 80 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:44:58.233828068 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:44:59.284961939 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:44:59 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              4 | 192.168.2.5 | 49713 | 132.226.8.169 | 80 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:44:59.928431988 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:05.639525890 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:05 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              5 | 192.168.2.5 | 49714 | 132.226.8.169 | 80 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:05.040615082 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:12.844172001 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:11 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:12.845974922 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:11 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:12.850217104 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:11 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:12.852571011 CEST | 127 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Oct 8, 2024 15:45:12.854732990 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:11 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:13.167254925 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:13 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:14.962090015 CEST | 127 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Oct 8, 2024 15:45:16.214874029 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:15 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:16.215837955 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:15 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:16.216104984 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:15 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:16.217010021 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:15 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              6 | 192.168.2.5 | 49716 | 132.226.8.169 | 80 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:06.281928062 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:14.547528028 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:13 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:14.548044920 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:13 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:14.548084974 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:13 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:14.548923969 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:13 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              7 | 192.168.2.5 | 49742 | 132.226.8.169 | 80 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:14.554411888 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:19.346615076 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:19 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:19.350835085 CEST | 127 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Oct 8, 2024 15:45:21.787695885 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:21 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:22.723663092 CEST | 127 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Oct 8, 2024 15:45:23.084106922 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:22 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              8 | 192.168.2.5 | 49749 | 132.226.8.169 | 80 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:16.226411104 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:21.822101116 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:21 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              9 | 192.168.2.5 | 49754 | 132.226.8.169 | 80 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:16.898340940 CEST | 127 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Oct 8, 2024 15:45:25.331413031 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:25 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              10 | 192.168.2.5 | 49801 | 132.226.8.169 | 80 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:23.786397934 CEST | 127 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Oct 8, 2024 15:45:28.201869965 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:28 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              11 | 192.168.2.5 | 49815 | 132.226.8.169 | 80 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:25.975568056 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:28.443628073 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:28 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              12 | 192.168.2.5 | 49835 | 132.226.8.169 | 80 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:28.834660053 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:29.685384989 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:29 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              13 | 192.168.2.5 | 49837 | 132.226.8.169 | 80 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:29.074043989 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:30.968976021 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:30 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              14 | 192.168.2.5 | 49847 | 132.226.8.169 | 80 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:30.313405991 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:31.159667969 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:31 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              15 | 192.168.2.5 | 49857 | 132.226.8.169 | 80 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:31.647782087 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:35.860723019 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:35 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              16 | 192.168.2.5 | 49861 | 132.226.8.169 | 80 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:31.879394054 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:35.274210930 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:34 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                              Oct 8, 2024 15:45:35.274285078 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:34 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              17 | 192.168.2.5 | 49883 | 132.226.8.169 | 80 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:35.910197020 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:37.672913074 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:37 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              18 | 192.168.2.5 | 57716 | 132.226.8.169 | 80 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:37.240701914 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:40.010390997 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:39 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              19 | 192.168.2.5 | 57726 | 132.226.8.169 | 80 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:38.314529896 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:41.145297050 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:41 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              20 | 192.168.2.5 | 57739 | 132.226.8.169 | 80 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Oct 8, 2024 15:45:40.643275023 CEST | 151 | OUT | GET / HTTP/1.1
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                              Host: checkip.dyndns.org
                              Connection: Keep-Alive
                              Oct 8, 2024 15:45:41.472799063 CEST | 272 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:41 GMT
                              Content-Type: text/html
                              Content-Length: 103
                              Connection: keep-alive
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:44:53 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:44:54 UTC | 682 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:44:53 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61425
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zTEPlekGqPi0eTbbxuXsUH04McBd6sw%2FtP5Il%2FVvZEfrMMLvpH0nUDuGOozLCZpzx518UDyST9mKSTi%2BtuTq%2Bxkgkhgy8O0jLDSI6fwzXkd%2FbeG7A7x6Cyd%2BxtHDTQ0QvMVED49G"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf691793b6278e2-EWR
                              2024-10-08 13:44:54 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:44:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.5 | 49706 | 188.114.96.3 | 443 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:44:54 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              2024-10-08 13:44:54 UTC | 680 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:44:54 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61426
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g30Kr7czaMcc%2Fi8h4X64BAZpnnxj6vMABa3%2BMSESvoYgvByu5vFkKe8XaJYPB2KNVaatHN346SK3vGr4e90F%2Bs73zHLG%2Fbf45bk2BEODP2GPKzov19B%2Fe5WgtkmSjDoXVmEIVbaS"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf6917f3d81434a-EWR
                              2024-10-08 13:44:54 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:44:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.5 | 49708 | 188.114.96.3 | 443 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:44:56 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              2024-10-08 13:44:56 UTC | 682 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:44:56 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61428
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S3I2o1Hrrb%2BHCK66vIBG1zRYDX17OByzucDTUhk3K8hE1guFXGXpMtzezy%2FV0vZ28GY5%2FBFWllssfq0l9Otph%2BKJuKGy8btP%2Fe8Yv%2Bi2BSc6lD7IFPdsKTHEOsa6thnGIZeOKSqH"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf691889b224364-EWR
                              2024-10-08 13:44:56 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:44:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              3 | 192.168.2.5 | 49710 | 188.114.96.3 | 443 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:44:57 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:44:58 UTC | 680 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:44:57 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61429
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CxrLN%2BITRF1E34dSaA24ceI1YwtiDQj47qCHD3FK3Mz3JqUVJVqEXfpOqLeiKEoA%2FE4X5ElUrgU150lkocpmTaiGiO939SdtqLWKY%2BkTj0p1wLqqrF5V1wrtNKtZxG43m2Mz%2FsC%2F"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf691921af70f88-EWR
                              2024-10-08 13:44:58 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:44:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              4 | 192.168.2.5 | 49712 | 188.114.96.3 | 443 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:44:59 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:44:59 UTC | 678 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:44:59 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61431
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gBlXR2w4XEMwiHD1yk0FQIKqSRRv0tqnNSBdxg4tLtwnK6Lg80D1rf%2BGmlZCeeVn65RZ2teLZHXwcY3bnRnEgwWwjCZscBR6J8K%2FoOpk1dH6kTVDXSP6p%2Bd4%2Boxlwv9iaCypD0z7"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf6919e1d18335a-EWR
                              2024-10-08 13:44:59 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:44:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              5 | 192.168.2.5 | 49715 | 188.114.96.3 | 443 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:06 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:45:06 UTC | 682 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:06 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61438
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f7jRGD422PLmt77gYqSqy8hWVKeQsdaRzqB03njya59KC9CPJU1DYoId9ZK5LC5bma8bzDFD6qlRkbOehX6%2BmltpGIFZowzHaMfX4sd%2B3n%2Bfr%2ByzSEHb%2B2%2B6BWJmmjFVj7icddph"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf691c5be7a7cfa-EWR
                              2024-10-08 13:45:06 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              6 | 192.168.2.5 | 49739 | 188.114.96.3 | 443 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:14 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:45:14 UTC | 678 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:14 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61446
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QTXQSjviv3Y0bbQDQvjBmIbm5MhzVQyJARANlyzwrAaBHYPl6MSazTyjETMG8QXJ17t2lEGCn%2Fe0krQt6snm%2BRejKBV7qA0%2FBkZrAGBE7mI3pGFYgum%2BecKn1rtmb7eySdX9UQa3"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf691fb494a0f63-EWR
                              2024-10-08 13:45:14 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              7 | 192.168.2.5 | 49743 | 188.114.96.3 | 443 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:15 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              2024-10-08 13:45:16 UTC | 680 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:15 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61447
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mWaZZctx2N7uvNFqqJaSZTN4Ud3Ailu2UAUcq7tx7OI5Ny6%2BexKs6%2F61U79oYn%2FjeIOPq6%2FgT7Gz9KzBBOYYPHSlUGBYBKsz%2FYodQcMwRPWH5A94ArZ5lshnVC1b4nNlzLGwMGGL"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf691fd8edac342-EWR
                              2024-10-08 13:45:16 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              8 | 192.168.2.5 | 49748 | 188.114.96.3 | 443 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:16 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              2024-10-08 13:45:16 UTC | 676 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:16 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61448
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E%2F4IGvQmV31xNyIF4PlgN82RbuKSw0s9oWzA7xGvZOa7ZJHiq9tI3Le4JqAa42AH1FAMVdPPEH9w19GzD07F%2B8EW%2F52ySI3J1STQZAb6VYS7gWdG8To80dMS5W5JYONq6MXQDzc0"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf692080fe58c1d-EWR
                              2024-10-08 13:45:16 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              9 | 192.168.2.5 | 49785 | 188.114.96.3 | 443 | 2448 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:22 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              2024-10-08 13:45:22 UTC | 678 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:22 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61454
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W9yUvyhe6H%2FZp6EnzVtV%2FleEPv1SjfUVzLSTfZHxuyn7h52Ox5eZV4HBUYBMNMY%2BYRpoNNNpCKfbulsGB9Er5KDYe3MqqDLIo%2FKsIkoaxlqHUUy4uRj8LQxBCQDAwOtVJDxahBBY"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf6922c6ba742e3-EWR
                              2024-10-08 13:45:22 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              10 | 192.168.2.5 | 49786 | 188.114.96.3 | 443 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:22 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:45:22 UTC | 680 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:22 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61454
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5vR3fyOlgSQEudK07UCyWphV76k45K3u61xCmMQS5%2FpR5t8QTzxFY%2BJaes3sSxBo3%2FxZ2wgCHL0jyo7tnNC5%2BfdS99NHxhzUMTFN0EzWFCKQTcnz18DoZPJdWa%2FvsU4ZPlrxTpxG"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf6922c7e0c424f-EWR
                              2024-10-08 13:45:22 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              11 | 192.168.2.5 | 49796 | 188.114.96.3 | 443 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:23 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              2024-10-08 13:45:23 UTC | 676 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:23 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61455
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p3PNcQmLrrp87kH9tqOTM2c3DbdP7sklitHFe04uNP1J2gQscxlbUVHQ09YEfQLmhcJ414HC%2F2q2MpuBxwsWvyfk58KmjdK0hKNK%2FnHydHtAO%2BwHJJXLrnKBl6YwIrUeFXvu7KMo"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf6923339874246-EWR
                              2024-10-08 13:45:23 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              12 | 192.168.2.5 | 49811 | 188.114.96.3 | 443 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:25 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:45:25 UTC | 676 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:25 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61457
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4IsRmuc1aZ%2Fp64bdemJadUUx5GBeqTerireVBOTNjUCyDg4ZWgCV7OkE2jcRnewU4rbtbR3Be8p%2FvJHjXHk2Y7XCLLUqxKkRObQvc%2Ffbe8SGkFaCPBDi1lt1IdZMG7P2JoUqSKiS"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf69240eb840f60-EWR
                              2024-10-08 13:45:25 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              13 | 192.168.2.5 | 49829 | 188.114.96.3 | 443 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:28 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:45:28 UTC | 706 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:28 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61460
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dtbS%2BERgu76yj1qa5A2JTSQ2ooSYW519SuQQp7dodCB9nOIoXJgYi2UaWsmiqqvsB2msHK8V0EbR05EIJZjdfoCE8r54hcGXENXpj6t7q6gRuale9JiRPA%2FTox9G4qys%2B0VIXgrl"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf69252c91242ce-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-10-08 13:45:28 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              14 | 192.168.2.5 | 49832 | 188.114.96.3 | 443 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:28 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:45:29 UTC | 680 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:29 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61461
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PAdg6RTaOgpflFTmMt7FZ7EX%2FOgNeHF16RwPnhc7lRM7l23koo07jCddFB6QnPaFAdRz6ct%2FeI45A8ZdhYUaL76ZvT%2F85c6JN4Te%2F2lrSCzsjMaHG6XMEgZ%2BNrgTj0wWtsMbgyz8"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf692543b87420b-EWR
                              2024-10-08 13:45:29 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              15 | 192.168.2.5 | 49842 | 188.114.96.3 | 443 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:30 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:45:30 UTC | 674 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:30 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61462
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CD34Cx4CqXO1Fpj5YLEgKz0MZq8mc13UQ59yT8U8azIlLbmCQae0raMfPJEhUPzC7tWfq%2BVtxYd9wU%2BfVy96StrnUTn94BWGPtoWZEMogy5H4nCFSkN7ePubHFhPXWKd72PmYgey"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf6925c0d550f3d-EWR
                              2024-10-08 13:45:30 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              16 | 192.168.2.5 | 49853 | 188.114.96.3 | 443 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:31 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              2024-10-08 13:45:31 UTC | 680 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:31 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61463
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6U%2F7ajyc02SsuxYIzsEECQ%2B6iBqUJG9qVaufIbXmiimkrMwsuUbxgXNiQEvKgYhreTgK5RwP8iayAnBnyzLJXeTFV3C6wqGE%2BKPckkxslQAiMFvJVMn%2B9izpAUKxyUrCtvG3%2BR6D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf69264295e197c-EWR
                              2024-10-08 13:45:31 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              17 | 192.168.2.5 | 49855 | 188.114.96.3 | 443 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:31 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              2024-10-08 13:45:31 UTC | 672 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:31 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61463
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Om7IYyiFfNmljgOz5vy0iwVLoXKzHB5sPBYZ1lx%2BZEOoc5fTWTJXc5NLSj2hPpRM55c0tqFDjmIalVP6ygtCbe8TA6jQ730znKlb3eHlMjyi1QrNXrwQHsI0wwN7QAIN2kp9cgD7"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf692656ede42c3-EWR
                              2024-10-08 13:45:31 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              18 | 192.168.2.5 | 49876 | 188.114.96.3 | 443 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:35 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              2024-10-08 13:45:35 UTC | 680 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:35 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61467
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OL24dJieLfX6U%2FqFp6ek8igm7niBcg%2BqE2707kuRr0jkXZFiPjegXdFTb2MLQU2xUw%2BQb%2Bv8DdbDQvN4uQFV0zYMgyIXSmHm%2BULx31TbNnN8p3WajSXICBjBq2jm39f7a0ewTnVq"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf6927f086dc3ee-EWR
                              2024-10-08 13:45:35 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              19 | 192.168.2.5 | 49882 | 188.114.96.3 | 443 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:37 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:45:37 UTC | 678 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:37 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61469
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=swSVnOpe3R9ZD4jXdyBpWWMNlKO3XEpnob9Q4DIkj8EOkW9CJfHQ7rIJ%2BLXW4TViPC7sFp2qik4qkWtBUSICdWKZ6kuTFG%2BSRTnfhpHTDLt%2F0FzzfkyOd%2FqdcNZJO0Ccp6hMNmIE"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf692874f8d8c95-EWR
                              2024-10-08 13:45:37 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              20 | 192.168.2.5 | 57721 | 188.114.96.3 | 443 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:38 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:45:38 UTC | 674 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:38 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61470
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eH0H3r40Ijjq%2FBJar5xWVDhbk4nuioPKe07vYIxDsr9vaDiyUgUHFfwdOrfslITbcfJJoHazNFyhWKmm6KXQGQYixfETl7AVoE3fXm6vuev523jHXiyxP7E3ms%2BGq0aGpY7IeqC7"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf6928e0f567d13-EWR
                              2024-10-08 13:45:38 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              21 | 192.168.2.5 | 57737 | 188.114.96.3 | 443 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:40 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:45:40 UTC | 674 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:40 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61472
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t3YlMnvQiYMcJlS2YUBtqurqozPlRDpUxq8Fy1UxeJS%2FmPqR8Kj0eEPAg1Zoj0HHlJLRfxVH53XF6fU0ncSB6aQFl8hurrJxwkvtCkxDIrmUI%2Fz60FUhogXKveC1bvjgelEdWVd0"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf6929c9a4817e9-EWR
                              2024-10-08 13:45:40 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              22 | 192.168.2.5 | 57744 | 188.114.96.3 | 443 | 5028 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:41 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:45:41 UTC | 680 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:41 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61473
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3g6%2Fai0ye%2BJEf1s66urTCSFqtgVd4zU3hkXvfXAjiYz5fYKyNzohULqk20BMSrKucjgivoainXlvfXg0FJIHHvTRHd%2FaI3%2BxEioAK5%2FOgVmyh5aJAdD7IfqKlyEvZeVco8IQf6Zg"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf692a38e4e43a9-EWR
                              2024-10-08 13:45:41 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              23 | 192.168.2.5 | 57746 | 188.114.96.3 | 443 | 6644 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-08 13:45:41 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                              Host: reallyfreegeoip.org
                              Connection: Keep-Alive
                              2024-10-08 13:45:42 UTC | 674 | IN | HTTP/1.1 200 OK
                              Date: Tue, 08 Oct 2024 13:45:42 GMT
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Connection: close
                              access-control-allow-origin: *
                              vary: Accept-Encoding
                              Cache-Control: max-age=86400
                              CF-Cache-Status: HIT
                              Age: 61474
                              Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oFLrhWH1JPOuiWR4P2yMF2rzwMeLyGwroF%2BDuUyXl1T3Xlf3CpbGvil4bXmv9PQXCOPUafK0HnTjhv3WVoYx2wfXMRm6DEmn1eH3DZP1oE4hGtnR%2BrpnzH5Xio80FuiwXQObjtg0"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8cf692a5a9d7727d-EWR
                              2024-10-08 13:45:42 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                              2024-10-08 13:45:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0



                              Target ID:0
                              Start time:09:44:49
                              Start date:08/10/2024
                              Path:C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\rliquida____odefaturadepagamento.exe"
                              Imagebase:0x9f0000
                              File size:2'386'432 bytes
                              MD5 hash:383574FCB2A1B030666CB7C3BE603445
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2060230016.000000000429E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2060230016.000000000429E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2060230016.000000000429E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2060230016.000000000429E000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2063013108.0000000005790000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2060230016.00000000041DA000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2060230016.0000000004029000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2044343749.0000000003021000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2044343749.0000000003021000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2044343749.0000000003021000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2044343749.0000000003021000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                              Reputation:low
                              Has exited:true

                              Target ID:2
                              Start time:09:44:50
                              Start date:08/10/2024
                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                              Imagebase:0x320000
                              File size:42'064 bytes
                              MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2355015844.0000000000702000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.2355015844.0000000000702000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.2355015844.0000000000702000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000002.00000002.2355015844.0000000000702000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.2357847009.0000000002641000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:moderate
                              Has exited:true

                              Target ID:3
                              Start time:09:45:03
                              Start date:08/10/2024
                              Path:C:\Users\user\AppData\Roaming\Koerxmxvkh.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\AppData\Roaming\Koerxmxvkh.exe"
                              Imagebase:0xa50000
                              File size:2'386'432 bytes
                              MD5 hash:383574FCB2A1B030666CB7C3BE603445
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2195287029.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.2195287029.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.2195287029.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.2195287029.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2177753295.0000000003366000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.2177753295.0000000003366000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.2177753295.0000000003366000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2195287029.0000000004024000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.2195287029.0000000004024000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.2195287029.0000000004024000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.2195287029.0000000004024000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2177753295.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Antivirus matches:
                              • Detection: 100%, Joe Sandbox ML
                              • Detection: 26%, ReversingLabs
                              Reputation:low
                              Has exited:true

                              Target ID:4
                              Start time:09:45:04
                              Start date:08/10/2024
                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                              Imagebase:0x8e0000
                              File size:42'064 bytes
                              MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.2555666774.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:moderate
                              Has exited:true

                              Target ID:6
                              Start time:09:45:11
                              Start date:08/10/2024
                              Path:C:\Users\user\AppData\Roaming\Koerxmxvkh.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\AppData\Roaming\Koerxmxvkh.exe"
                              Imagebase:0xdf0000
                              File size:2'386'432 bytes
                              MD5 hash:383574FCB2A1B030666CB7C3BE603445
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.2266200449.0000000003499000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2266200449.0000000003786000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.2266200449.0000000003786000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000006.00000002.2266200449.0000000003786000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2290932961.00000000044B5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.2290932961.00000000044B5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000006.00000002.2290932961.00000000044B5000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000006.00000002.2290932961.00000000044B5000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                              Reputation:low
                              Has exited:true

                              Target ID:7
                              Start time:09:45:12
                              Start date:08/10/2024
                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                              Imagebase:0x80000
                              File size:42'064 bytes
                              MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.2548344456.0000000002391000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:moderate
                              Has exited:true

                              Target ID:8
                              Start time:09:45:22
                              Start date:08/10/2024
                              Path:C:\Windows\SysWOW64\cmd.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                              Imagebase:0x790000
                              File size:236'544 bytes
                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:9
                              Start time:09:45:22
                              Start date:08/10/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff6d64d0000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:10
                              Start time:09:45:22
                              Start date:08/10/2024
                              Path:C:\Windows\SysWOW64\choice.exe
                              Wow64 process (32bit):true
                              Commandline:choice /C Y /N /D Y /T 3
                              Imagebase:0x9b0000
                              File size:28'160 bytes
                              MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:moderate
                              Has exited:true

                              Target ID:12
                              Start time:09:45:41
                              Start date:08/10/2024
                              Path:C:\Windows\SysWOW64\cmd.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                              Imagebase:0x790000
                              File size:236'544 bytes
                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:13
                              Start time:09:45:41
                              Start date:08/10/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff6d64d0000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:14
                              Start time:09:45:41
                              Start date:08/10/2024
                              Path:C:\Windows\SysWOW64\choice.exe
                              Wow64 process (32bit):true
                              Commandline:choice /C Y /N /D Y /T 3
                              Imagebase:0x9b0000
                              File size:28'160 bytes
                              MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:moderate
                              Has exited:true

                              Target ID:15
                              Start time:09:45:41
                              Start date:08/10/2024
                              Path:C:\Windows\SysWOW64\cmd.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                              Imagebase:0x790000
                              File size:236'544 bytes
                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:16
                              Start time:09:45:41
                              Start date:08/10/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff6d64d0000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:17
                              Start time:09:45:41
                              Start date:08/10/2024
                              Path:C:\Windows\SysWOW64\choice.exe
                              Wow64 process (32bit):true
                              Commandline:choice /C Y /N /D Y /T 3
                              Imagebase:0x9b0000
                              File size:28'160 bytes
                              MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true


                                Execution Graph

                                Execution Coverage:12.6%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:3.3%
                                Total number of Nodes:182
                                Total number of Limit Nodes:10
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                • API String ID: 0-3443518476
                                • Opcode ID: 9d5bdfc128e86f136735b8d85c4bbffe1b1a0ae3aba4e4ae66bd6c3c96aa25ec
                                • Instruction ID: b857777fa8886edcbf753122cbec4da7e41b25a80f234bed9ea89b12629d4aa1
                                • Opcode Fuzzy Hash: 9d5bdfc128e86f136735b8d85c4bbffe1b1a0ae3aba4e4ae66bd6c3c96aa25ec
                                • Instruction Fuzzy Hash: 14B2F774A002188FDB14CFA8C984BADBBB6FF48700F158599E905EB3A5DB71ED85CB50
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                • API String ID: 0-324474496
                                • Opcode ID: 14f612e2dfec89a27386c8f6d019d318337aba6814d0871c6d114eb5b2f6ae92
                                • Instruction ID: 22d706c1187d9fd5d9cb6646a6d438fdc19533e0182eedaabae4ac8660b18d4d
                                • Opcode Fuzzy Hash: 14f612e2dfec89a27386c8f6d019d318337aba6814d0871c6d114eb5b2f6ae92
                                • Instruction Fuzzy Hash: 9722D874A00218CFDB24CFA4C984BA9B7B2FF48704F1481A9E909AB2A5DB71DD85CF50

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: TJbq$Te]q$paq$xb`q
                                • API String ID: 0-4160082283
                                • Opcode ID: b6eb06eb098582d287251013958a59e486b77ab18ac4c5c905e7ddedb399834f
                                • Instruction ID: e7ea384d4dc4e837fe0f04171ee35cd4a356f00adfc11fb31d22b32d1c38822c
                                • Opcode Fuzzy Hash: b6eb06eb098582d287251013958a59e486b77ab18ac4c5c905e7ddedb399834f
                                • Instruction Fuzzy Hash: 01A2D575A40228CFDB65CF69C980AD9BBB2FF89304F1491E9D509AB325DB319E81CF40

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: fbq$8
                                • API String ID: 0-3186246319
                                • Opcode ID: 0a474d98d9687463bb6049353123984d848351c0a0fa7e49e053b105c4c6a2a2
                                • Instruction ID: 269b115aab7c0eea3cfd5b29d8a62196a44c0e6c804eb62cd969c52b33747311
                                • Opcode Fuzzy Hash: 0a474d98d9687463bb6049353123984d848351c0a0fa7e49e053b105c4c6a2a2
                                • Instruction Fuzzy Hash: ED42D475D01629CFDB64DF69C854AD9B7B2BF89314F1486EAD40DA7250EB30AE81CF80

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q
                                • API String ID: 0-3120983240
                                • Opcode ID: c88b1e3771ec84c333dcf4cba27a1df37d71fdad41d4fd4b412e1eaa3528cdaf
                                • Instruction ID: 08efeba649125984f7b7324bc50bd592582d782fd8e109fb5593014dc7085ac5
                                • Opcode Fuzzy Hash: c88b1e3771ec84c333dcf4cba27a1df37d71fdad41d4fd4b412e1eaa3528cdaf
                                • Instruction Fuzzy Hash: AD711B70A0064A8FD758DF6AE94069DBBF6FFC8300F24C63AD408A7278DB795806DB51

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: fbq$h
                                • API String ID: 0-3598783323
                                • Opcode ID: 47d4639abedce9caf685e4f0159533ebae6550f6938264dbd48a37dfdce127b9
                                • Instruction ID: 2180d7e99052ea78fa9db4309e269695ed32ac7328ebeb578d8125bcfd549e79
                                • Opcode Fuzzy Hash: 47d4639abedce9caf685e4f0159533ebae6550f6938264dbd48a37dfdce127b9
                                • Instruction Fuzzy Hash: 06710471D056698FDB65CF6AC8507C9BBB2BF89310F44C2EAC44CA7251EB305A85CF51
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q
                                • API String ID: 0-3120983240
                                • Opcode ID: aeaedb1bb0f25776dccf756a76a62d30352949f680bbf4b60b1ae58ba29569b9
                                • Instruction ID: 046168769196d96ca1d259a91c4231efadf52a255cabe7aa94b55771815f65c6
                                • Opcode Fuzzy Hash: aeaedb1bb0f25776dccf756a76a62d30352949f680bbf4b60b1ae58ba29569b9
                                • Instruction Fuzzy Hash: F8711B70A0064A8FD718DF6AE94069EBBF6FFC8300F24C539D408AB278DB795806CB51
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: 2
                                • API String ID: 0-450215437
                                • Opcode ID: 4ebcec94cb25c98ca8f4f3a23e54cacf1fe0465b1edd137f3f3f5c2380cd0ccb
                                • Instruction ID: 1487df8e0167c0dcae6a8eab36aaa50c8d823478770b94a18b89c1e0d0edd665
                                • Opcode Fuzzy Hash: 4ebcec94cb25c98ca8f4f3a23e54cacf1fe0465b1edd137f3f3f5c2380cd0ccb
                                • Instruction Fuzzy Hash: 3EC2D2B4A012288FDB65DF69C984B9DBBB6FF89300F1081EAD509A7355DB349E85CF40
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: (aq
                                • API String ID: 0-600464949
                                • Opcode ID: ee1bf2be1bed5af4082a25b3a5f329bf69592ab6d238027a516f45d27b452496
                                • Instruction ID: 641ee50c23609271488c1bd41df55578489ed8d134c8dcdfd85470140ae343dd
                                • Opcode Fuzzy Hash: ee1bf2be1bed5af4082a25b3a5f329bf69592ab6d238027a516f45d27b452496
                                • Instruction Fuzzy Hash: D4326870A002168FCB58DFA9C49466EFBF2FF88314F64852AD95AD7391DB34AD05CB90
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: e3ef59e20b10e3d8a89d4c5435460c4ad2a948b4f1e00e37b8d4292d45127c1c
                                • Instruction ID: 756a8635fa7b7bd3dfdf80a6b2d6c27c16791dcd7951e00b0af42a35106801c6
                                • Opcode Fuzzy Hash: e3ef59e20b10e3d8a89d4c5435460c4ad2a948b4f1e00e37b8d4292d45127c1c
                                • Instruction Fuzzy Hash: 20F1A070E0521CCFDB64CF69D949BA9BBF2BB89304F1084AAE809E7255DB349D85CF11
                                APIs
                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05863305
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: MemoryProtectVirtual
                                • String ID:
                                • API String ID: 2706961497-0
                                • Opcode ID: 91047f937eea39d098b19339a4b46df9349da3391002f8aeda856cc189d079a9
                                • Instruction ID: d32e566f336279d7c4e28dca376ce9897fd384b370491ebfb5a166df93c229ea
                                • Opcode Fuzzy Hash: 91047f937eea39d098b19339a4b46df9349da3391002f8aeda856cc189d079a9
                                • Instruction Fuzzy Hash: 294179B4D042589FCF10DFAAD984ADEFBB5BF49310F10942AE819B7210DB35A945CF64
                                APIs
                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05863305
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: MemoryProtectVirtual
                                • String ID:
                                • API String ID: 2706961497-0
                                • Opcode ID: cad78e29daf38c44362fa44804691c61c4c057ca3b2308c1e19b9e3c1386c191
                                • Instruction ID: b0d7d6187cf419f12a709246abebe7ead872c156c36fd19d8a22a40076a8a8f0
                                • Opcode Fuzzy Hash: cad78e29daf38c44362fa44804691c61c4c057ca3b2308c1e19b9e3c1386c191
                                • Instruction Fuzzy Hash: 794178B9D042589FCF10CFA9D984AEEFBB1BF09310F14942AE919B7210DB35A945CF64
                                APIs
                                • NtResumeThread.NTDLL(?,?), ref: 0586478E
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: cac74097d72fb00a9ef77520dd569c828e8ecb318b0475364a892806a51a9ed4
                                • Instruction ID: 9b96762ea0a87d1a53b5cde8e65bc32a375dbbf60ac0aa8fb2c1e45f7d66d86c
                                • Opcode Fuzzy Hash: cac74097d72fb00a9ef77520dd569c828e8ecb318b0475364a892806a51a9ed4
                                • Instruction Fuzzy Hash: 8131BBB4D012189FCB10DFA9D980AAEFBF5BF49310F10942AE819B7200C775A945CFA4
                                APIs
                                • NtResumeThread.NTDLL(?,?), ref: 0586478E
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: bec4d1bc2ab23faa99cc6203d7f3fb643680ff0c3b873ee46cb5d078c717fbbd
                                • Instruction ID: 87129881f1d36bf71ea59d3c9fd0c6a0af1a4424f70fd183b4b7983cf82be560
                                • Opcode Fuzzy Hash: bec4d1bc2ab23faa99cc6203d7f3fb643680ff0c3b873ee46cb5d078c717fbbd
                                • Instruction Fuzzy Hash: DB318AB4D012189FCB10DFA9D984AAEFBF5BF49310F10942AE819B7210D779A945CF94
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: 556baf390a2f2d315dcb5903f7323f08203dec090fadbf9996181c09c9d309f6
                                • Instruction ID: 886e803b112dd29c6ccbaa21fd246fe9fd83e02f5c00c5b3e0d5dac07b2303dd
                                • Opcode Fuzzy Hash: 556baf390a2f2d315dcb5903f7323f08203dec090fadbf9996181c09c9d309f6
                                • Instruction Fuzzy Hash: F9D1A170E0521DCFDB64CF69D989BA9BBF2BB49304F1085AAE809E7251DB349D85CF10
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: PH]q
                                • API String ID: 0-3168235125
                                • Opcode ID: 81b80fd2ca79e3811919610793e7753353d59e390d84d1e886224e3721632736
                                • Instruction ID: 61c5bbff0a01ea8748222fdd6a8f4c99d8a2151f9b6ef29dc59bcd306347e2ae
                                • Opcode Fuzzy Hash: 81b80fd2ca79e3811919610793e7753353d59e390d84d1e886224e3721632736
                                • Instruction Fuzzy Hash: 43C1B170A05218CFDB24CFA9D584BADBBF2FB59316F2080A9D80AE7251DB755D85CF04
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: PH]q
                                • API String ID: 0-3168235125
                                • Opcode ID: fc2760acc27f9e09beb38ac8f52f82381c998a6a6f845adbbde5414fbec5f1a0
                                • Instruction ID: a005c6ed2725dee3ff2bfef3a220497e75a0d2066c956eb28d48d436d0697414
                                • Opcode Fuzzy Hash: fc2760acc27f9e09beb38ac8f52f82381c998a6a6f845adbbde5414fbec5f1a0
                                • Instruction Fuzzy Hash: DEC1E170A0521CCFEB24CF69D484BADBBF2FB59316F2080A9D80AA7291DB755D84CF01
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: 020f654fa7e9abde256637ab3a5c266a85db985dece29f9fdf0b5ab451c52807
                                • Instruction ID: 621756c09ef939f16ba391a41d21d285918951a7750f86edd58e135b1beaf97c
                                • Opcode Fuzzy Hash: 020f654fa7e9abde256637ab3a5c266a85db985dece29f9fdf0b5ab451c52807
                                • Instruction Fuzzy Hash: 97B106B0E45218CFDB24DFA9D848BADBBF6FB49300F5080A9E409AB291DB745D85DF10
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: 4cc8a10abe2b2f94cf7a7eadf4c3066eac797a6989e75e0789a72a4bb671bb25
                                • Instruction ID: 1fc9eb28ff8314755f3016afd4b06cb8383ee4347910b4429d2daefd9bdf1725
                                • Opcode Fuzzy Hash: 4cc8a10abe2b2f94cf7a7eadf4c3066eac797a6989e75e0789a72a4bb671bb25
                                • Instruction Fuzzy Hash: B7B18E70E0521CCFDB24CFA9D984BA9BBF2FB49304F1090A9E819A7295DB759D85CF04
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: 1f31bcf73b2d8567d8617b1287dbf87609159787caec1bdb69921d8df029d5dd
                                • Instruction ID: 9a13b179caab262a42caa12de1705d8c994f1bd2819c535b731d19132d78ee4a
                                • Opcode Fuzzy Hash: 1f31bcf73b2d8567d8617b1287dbf87609159787caec1bdb69921d8df029d5dd
                                • Instruction Fuzzy Hash: C8B19D70E0521CCFDB24CFA9D984BA9BBF2FB49304F1090A9E819A7295DB759D85CF04
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: 44e0209bf9eb6154a01d020c15dab34bd7f0e2198bc4dc676345bbfacd4ea65e
                                • Instruction ID: 4dad8a12c018ad2e080f4e3058fa97456d7f5bf36fada1caf827d62c6179a619
                                • Opcode Fuzzy Hash: 44e0209bf9eb6154a01d020c15dab34bd7f0e2198bc4dc676345bbfacd4ea65e
                                • Instruction Fuzzy Hash: 45516A30A80104CFE714DF69E548BA9B7F3FB88715F249078E906AB2A5CB7A9D45CF41

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: (aq$4']q$4']q$4']q$4']q$paq
                                • API String ID: 0-463314800
                                • Opcode ID: 5b944c3e9367a2d7d6208308155734f469393165209724cc1d789453b300c855
                                • Instruction ID: c944436f6d0641abdffed984d481ada75ce2efc58a9aa4aa389615af4cde40fc
                                • Opcode Fuzzy Hash: 5b944c3e9367a2d7d6208308155734f469393165209724cc1d789453b300c855
                                • Instruction Fuzzy Hash: C551B170A402058FC718DF69D950AAFBBFBBFD8300F54486DC449972A9DF789906C7A1

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q$4']q
                                • API String ID: 0-705557208
                                • Opcode ID: 99e7b8b805488eb3e6844293873736bf24c42590c874621fc971a9628bbedba4
                                • Instruction ID: fb57b5cd8ea62301ecce5815159ffb726b44d70b9f6992d34ecd03aa9842ebf0
                                • Opcode Fuzzy Hash: 99e7b8b805488eb3e6844293873736bf24c42590c874621fc971a9628bbedba4
                                • Instruction Fuzzy Hash: 93F1DD34B50118CFCB14EFA4D998AADBBB6FF89310F118155E806AB3A5DB70EC46DB50

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: (aq$(aq$Haq
                                • API String ID: 0-2456560092
                                • Opcode ID: 349e063957d16a46091d0436a5d4d2fd906f7f6982c822e7b709bd3364de8fee
                                • Instruction ID: e31db1a66dcc2c767f4710595bab11d13d1dda8c71e4fa72edc402448b30af7b
                                • Opcode Fuzzy Hash: 349e063957d16a46091d0436a5d4d2fd906f7f6982c822e7b709bd3364de8fee
                                • Instruction Fuzzy Hash: ABE12034B002099FCB14EF64D4989AEBBB2FF89310F508569E806AB365DF34ED46CB51

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: #$)$@{w
                                • API String ID: 0-460873827
                                • Opcode ID: f3ea990e2da4b0f9a4807d55682a59bc6646fa4eba6f58c71f5e95c3ca06b55a
                                • Instruction ID: bede04fa269e4d9520f3a374c3223d402674b5df1677fa0643f345e1bbf19f1e
                                • Opcode Fuzzy Hash: f3ea990e2da4b0f9a4807d55682a59bc6646fa4eba6f58c71f5e95c3ca06b55a
                                • Instruction Fuzzy Hash: 9011EC70A4025A9FDB58DF18EA59AA977F2FB48308F1041F5D816E7294DB389D80CF40
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2061984691.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5500000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q
                                • API String ID: 0-3120983240
                                • Opcode ID: 18cb81b8d27377d19272fdf0e741454a40728db243920bcb4f1d95e5516eae39
                                • Instruction ID: 9d1a080daab917b62c4d791c0cc1daf9f0a9ee3d31414894c29dd38e2a2a77c6
                                • Opcode Fuzzy Hash: 18cb81b8d27377d19272fdf0e741454a40728db243920bcb4f1d95e5516eae39
                                • Instruction Fuzzy Hash: 80421674E04619CFCB14CF94D899ABEBBB6FF49300F509429E816A73A4DB346846CF91

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: $]q$$]q
                                • API String ID: 0-127220927
                                • Opcode ID: 11628706b7165bdfc95ca0fefb2ece2fd84bbc6d79b8142e7a2b98a0edcb680f
                                • Instruction ID: ab8494bce6e6ab0745a1f6aab3baac3d2b0a38eb35dda99f661af31df298791c
                                • Opcode Fuzzy Hash: 11628706b7165bdfc95ca0fefb2ece2fd84bbc6d79b8142e7a2b98a0edcb680f
                                • Instruction Fuzzy Hash: 6C226A30A006198FCB15DFA9D954AAEBBB6FF48300F148099E811E7394DB39DE45DF91

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2061984691.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5500000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q
                                • API String ID: 0-3120983240
                                • Opcode ID: b9f40f7b29c47dbfd1db6e614905d24569607151c205f6ab368b022a6adf66e0
                                • Instruction ID: 75acc9703881ce8bc8774840e6a09c1219c884543ee59d3f519df3f56d96f3b3
                                • Opcode Fuzzy Hash: b9f40f7b29c47dbfd1db6e614905d24569607151c205f6ab368b022a6adf66e0
                                • Instruction Fuzzy Hash: 53F1F534E05618DFCB18DFA5E8996ECBBB2FF49311F60542AE40AA7394DB349885CF41

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2061984691.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5500000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q
                                • API String ID: 0-3120983240
                                • Opcode ID: 25474dba3f3e7defbda5b5ef123255d5a6ba3217e4a3180218f6bfcb896b5963
                                • Instruction ID: 15e5337861c8d4b1c4aa615652f89ed57b98072475963ea37411ed2c5c79c8d9
                                • Opcode Fuzzy Hash: 25474dba3f3e7defbda5b5ef123255d5a6ba3217e4a3180218f6bfcb896b5963
                                • Instruction Fuzzy Hash: FDA11674E01219CFDB18DFA4D889ABDBBB6FF49301F54942AE80267390CB346945CF91

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: (aq$Haq
                                • API String ID: 0-3785302501
                                • Opcode ID: a684ffa4e4948ac5d00145197c56b2a32e613b043e7061295732647d89f0dddd
                                • Instruction ID: 37406532db30d933424a9bd7e03807d8e5d92034f6cfb9dc1538bea98c6a8f35
                                • Opcode Fuzzy Hash: a684ffa4e4948ac5d00145197c56b2a32e613b043e7061295732647d89f0dddd
                                • Instruction Fuzzy Hash: 6F51BE307042158FC719AF78C494A6E7BB6FF99200B5448ADD80ADB3A5DE35DC46CB91
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: $\s]q
                                • API String ID: 0-2102667761
                                • Opcode ID: fa1de8c6af2bee84294ed519e5193b8a7830c2b7883d7941fcd4e2b8e78589cc
                                • Instruction ID: 64846068c2b896b92740ccf867266e41a77aef89a9c473585808183794206cc7
                                • Opcode Fuzzy Hash: fa1de8c6af2bee84294ed519e5193b8a7830c2b7883d7941fcd4e2b8e78589cc
                                • Instruction Fuzzy Hash: 7671077094425ACFDF10CF94D8687EDBBF1FB08309F04A229D10ABA294C7B95945CF69
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: $"
                                • API String ID: 0-3817095088
                                • Opcode ID: 667dc46bb12fdc71d4bc69e11e5d42f5441b0c41ef78da666552f85860062e5d
                                • Instruction ID: d65972996d26dccc9639a3439c825ca448904843be1feb06158fe00afcf889ba
                                • Opcode Fuzzy Hash: 667dc46bb12fdc71d4bc69e11e5d42f5441b0c41ef78da666552f85860062e5d
                                • Instruction Fuzzy Hash: 8A61F67094425ACFDF10CF94D4687EDBBF1FB0834AF04A229D10ABA294C7B95585CF69
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$paq
                                • API String ID: 0-4101361271
                                • Opcode ID: 12ee51006e503068f7272c90de4b98db2bc73dea45760be9e8a8b8226a07bca5
                                • Instruction ID: 63b5c742357588198472b6959ac1a30ee216678789ea957e7a1bc72bf2eacb84
                                • Opcode Fuzzy Hash: 12ee51006e503068f7272c90de4b98db2bc73dea45760be9e8a8b8226a07bca5
                                • Instruction Fuzzy Hash: 7041F6706402059FC714DF69D980BAFBBFAFF98300F44882DC449972A9DB39A806C7A1
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: W$y
                                • API String ID: 0-1317259545
                                • Opcode ID: 0c25445e7a5c914c756949a5b3a3766a2fab0431223f5811569790058489a501
                                • Instruction ID: 327133ddd5ccb9fd7e0d53649dc2b09942219a1edd2be13b318fe62d0b72bd73
                                • Opcode Fuzzy Hash: 0c25445e7a5c914c756949a5b3a3766a2fab0431223f5811569790058489a501
                                • Instruction Fuzzy Hash: 7521CF70984228CFDB65EF64C898BEDBBB2BF08308F1051EAC409B6251C7754AC5DF05
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2064640113.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5bd0000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: ,aq
                                • API String ID: 0-3092978723
                                • Opcode ID: 1b2d9e2db325925f82364f1eef6bd19e6023398533544b444a7f2d3cac94dd58
                                • Instruction ID: 03d168573a62520b121d582c23970c49943c4d51f8d1b3d7832f9d3acbd46c0e
                                • Opcode Fuzzy Hash: 1b2d9e2db325925f82364f1eef6bd19e6023398533544b444a7f2d3cac94dd58
                                • Instruction Fuzzy Hash: FF520775A002288FDB24CF69C981BEDBBF6BF88300F1545D9E549A7361DA34AD80CF61
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: (_]q
                                • API String ID: 0-188044275
                                • Opcode ID: 2b08e3748a8132b192c80aa70c8cd3c0f1967778d7059194e62cc98fa292420d
                                • Instruction ID: 9ed0da2a53b8e4ac8d95e2cc951f93f56577d5bb8417d347f0a89bb082e4b9a6
                                • Opcode Fuzzy Hash: 2b08e3748a8132b192c80aa70c8cd3c0f1967778d7059194e62cc98fa292420d
                                • Instruction Fuzzy Hash: 9A227A71B102199FDB14CFA9C490AADBBF2FF88304F148469E905EB3A5DA35ED81CB50
                                APIs
                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05863CD7
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: f59f1103416e41eeec1745913e0be43c0fd9e9db46a788ab62719bb2d0195c5d
                                • Instruction ID: 12a6b122c5eb8b80f7f2a1e3953823700b443766794daeb2b007656ef866858c
                                • Opcode Fuzzy Hash: f59f1103416e41eeec1745913e0be43c0fd9e9db46a788ab62719bb2d0195c5d
                                • Instruction Fuzzy Hash: 7DA10270D002589FDB10CFA9C885BEDBBB2FF09314F14956AE859E7280DB749985CF45
                                APIs
                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05863CD7
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: dd76a171c88c21b102bc19a280c6a32b373411faa547036edc4ed03e8f3dfc06
                                • Instruction ID: 3b835102344c961c3d7a6ec817bee6b7c019a6eecceb867198c9922a40345ba2
                                • Opcode Fuzzy Hash: dd76a171c88c21b102bc19a280c6a32b373411faa547036edc4ed03e8f3dfc06
                                • Instruction Fuzzy Hash: 4DA1E470D002189FDB20CFA9C885BEDBBB2FF49314F14956AE859E7280DB749985CF85
                                APIs
                                • CopyFileA.KERNEL32(?,?,?), ref: 058663DB
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: CopyFile
                                • String ID:
                                • API String ID: 1304948518-0
                                • Opcode ID: 404389a2b1eff8e3eea38e46b60bbdcaf5dfad3b7b7c79c2c587d3694972ea82
                                • Instruction ID: 6430305023c832275b06d093c6c99dda0ff303ba5238fefaa404426be6b58a3f
                                • Opcode Fuzzy Hash: 404389a2b1eff8e3eea38e46b60bbdcaf5dfad3b7b7c79c2c587d3694972ea82
                                • Instruction Fuzzy Hash: B76102B0D003589FDB10DFAAC9857EDBBB1BF49314F249129E859E7280EB789985CF41
                                APIs
                                • CopyFileA.KERNEL32(?,?,?), ref: 058663DB
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: CopyFile
                                • String ID:
                                • API String ID: 1304948518-0
                                • Opcode ID: 2b890f85d2525c719ad7b5d689adf4092cc4fb9063a252e1e3ae173b10bf7669
                                • Instruction ID: 0332557c721ef04663fa93bea51e49c836b6d76fd473cc716eed236347cda341
                                • Opcode Fuzzy Hash: 2b890f85d2525c719ad7b5d689adf4092cc4fb9063a252e1e3ae173b10bf7669
                                • Instruction Fuzzy Hash: BA610270D002589FDB10DFAAC9857EDBBB1BF09314F249129E819E7280EB789985CF85
                                APIs
                                • RegSetValueExA.KERNELBASE(?,?,?,?,?,?), ref: 058668A0
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: Value
                                • String ID:
                                • API String ID: 3702945584-0
                                • Opcode ID: 32ad69214a54f82f64af36fb7b2b72e0a9fdabf0bf1a794179126b7dde99dba5
                                • Instruction ID: a871f257e6adb3246f0fbe6b31fbcf8e92b31e7e87ae4f6801f02542414c3368
                                • Opcode Fuzzy Hash: 32ad69214a54f82f64af36fb7b2b72e0a9fdabf0bf1a794179126b7dde99dba5
                                • Instruction Fuzzy Hash: D451D0B4D002589FDF14CFAAD985BADBBB1FF09304F14912AE819B7240EB749945CF54
                                APIs
                                • RegSetValueExA.KERNELBASE(?,?,?,?,?,?), ref: 058668A0
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: Value
                                • String ID:
                                • API String ID: 3702945584-0
                                • Opcode ID: cea8c1c58c8e264e89660c0e20f4af40e64e3696d93ca6479c550066ecd1c7cc
                                • Instruction ID: 2513708dae76198842f080c03973c5e97bf713e7155bbd74931ffe0c3e019386
                                • Opcode Fuzzy Hash: cea8c1c58c8e264e89660c0e20f4af40e64e3696d93ca6479c550066ecd1c7cc
                                • Instruction Fuzzy Hash: 9C51CFB4D002589FDB14CFAAD985B9EBBB1FF09304F14912AE819A7240EB789945CF44
                                APIs
                                • RegOpenKeyExA.KERNELBASE(?,?,?,?,?), ref: 05866630
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                • Opcode ID: 7a541aab436a098cde6e8594258330e8e2ffec8e1834b1af6487aebdd33d67ca
                                • Instruction ID: ed928384dc050bf5de06b03a2774ff1cbac12818228fd878b6bebfc682d5ee4a
                                • Opcode Fuzzy Hash: 7a541aab436a098cde6e8594258330e8e2ffec8e1834b1af6487aebdd33d67ca
                                • Instruction Fuzzy Hash: E251E0B4D002499FDF10DFAAD985BAEBBB1BF09300F249129E819A7254DB749985CF44
                                APIs
                                • RegOpenKeyExA.KERNELBASE(?,?,?,?,?), ref: 05866630
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                • Opcode ID: e88f6b099e0a9d58eb97a1ae52ce2b4d38674cebf6b31260635a08f8c56e1d1e
                                • Instruction ID: d543a79fd64534596b32540ff9ccae71aeb00b1b8132168a1c34a7f2e1fe0aab
                                • Opcode Fuzzy Hash: e88f6b099e0a9d58eb97a1ae52ce2b4d38674cebf6b31260635a08f8c56e1d1e
                                • Instruction Fuzzy Hash: 5F51E0B4D002499FDF10DFAAD985B9EBBB1BF09300F249129E819B7254DB749985CF44
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05864432
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 058645BB
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 058645BB
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05864432
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05864A7C
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05864432
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05864A7C
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0593D074
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063927578.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5930000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 05863ED7
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 05863ED7
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063457909.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5860000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                • Instruction Fuzzy Hash: 94416D713406109FD308DB69C959F2A7BEABFC8714F104568E90ACB3A5DE75EC02C7A1
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q
                                • API String ID: 0-1259897404
                                • Opcode ID: fa53ef1d7a825771f1332e06c6e84db1ae5235a15e29666e9d1b30e71a68d91f
                                • Instruction ID: add97206e7dc2898da9e388846564e7ba0095487c8f031ad6301ca5bfe952e50
                                • Opcode Fuzzy Hash: fa53ef1d7a825771f1332e06c6e84db1ae5235a15e29666e9d1b30e71a68d91f
                                • Instruction Fuzzy Hash: 14313B753406109FD318DB69C999F2A77EABFC8B14F204568E90A8B3A5CE75EC02C791
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q
                                • API String ID: 0-1259897404
                                • Opcode ID: c55a66efaf6393d93541c86cb0b4e6d2669c455ce913621e8d5aecab43bcaf39
                                • Instruction ID: d640a743361cbef42f9d2e1a085cadfff9958264d565c3c2469b081bde37669d
                                • Opcode Fuzzy Hash: c55a66efaf6393d93541c86cb0b4e6d2669c455ce913621e8d5aecab43bcaf39
                                • Instruction Fuzzy Hash: 9D31D2317401149FCF149F98D994DAA7BB6FF8C310B1540A9EA099B3B0CE72DC16DBA0
                                APIs
                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0593E237
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063927578.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                • API ID: AllocVirtual
                                • Opcode Fuzzy Hash: 2685857a79188b38f9e2d7cc2c9eb13cb50110283a91764783c889deb8680806
                                • Instruction Fuzzy Hash: B9611874E14219DFCB04DFA8D889AEDBBBAFF89301F54806AE406A7394DB346945CF50
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c67904ab3f52ce0890a8fca1654e0b669cfcb282ccdb516c2f26c4056bde1817
                                • Instruction ID: 26f860913c4dcfa92eff7942f2e98b7d3a53cc18b36e6eed5ee0d9a0d6310fcd
                                • Opcode Fuzzy Hash: c67904ab3f52ce0890a8fca1654e0b669cfcb282ccdb516c2f26c4056bde1817
                                • Instruction Fuzzy Hash: CD519234B106099FCB04EF64E458AAD7BB6FFC8711F00811AF50A97364DF74A94ADB91
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 89d58ef28d04c7bcb1768b9b78cdb084aaa3467037bc3e05b52f1a5c8161cec0
                                • Instruction ID: 5a2cd5aed90a2e2315ef2706b843fc7f29edbd19ee7721b9e5bffefc2d22f0a5
                                • Opcode Fuzzy Hash: 89d58ef28d04c7bcb1768b9b78cdb084aaa3467037bc3e05b52f1a5c8161cec0
                                • Instruction Fuzzy Hash: 2751AA71B801008FD715CF69E544BAAB7B2FB88318F24D1B6E4098B7A9D7359D41CB90
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0dff51054fd8bb2ed63ca8cdc97e329f952c6a9b4415bded73f03b3f7a8c60fb
                                • Instruction ID: 4f64f5057d60f38a4c227aec9fdf8f1ec66c37a1877a8d62bb8aa68c04d5d8d0
                                • Opcode Fuzzy Hash: 0dff51054fd8bb2ed63ca8cdc97e329f952c6a9b4415bded73f03b3f7a8c60fb
                                • Instruction Fuzzy Hash: 1B51BFB8E54259DFCB04EFA8D4849ADBBB2FF49300F50482AE806EB365DB345945DF21
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7a674927a473e21806b163c7675ce4b18831b1c73c94e75f9e812db8420cb2b0
                                • Instruction ID: 2ca62bd2ebbec4a3d7abb52380fb0954e8b1d61d4c448895e36008095f53704e
                                • Opcode Fuzzy Hash: 7a674927a473e21806b163c7675ce4b18831b1c73c94e75f9e812db8420cb2b0
                                • Instruction Fuzzy Hash: C851A674E002289FDBA4CF68D895BE9BBB1FB49314F5081E9D90DA7380DA755E84DF10
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3fb2ee4a89e470eb48182e08f47606679ad9c276b132454d80b9a28ddc58c8f0
                                • Instruction ID: 82d6d3e23b035181fde2b2765142e704428fa446ca704c31ef5dee4dd7eded57
                                • Opcode Fuzzy Hash: 3fb2ee4a89e470eb48182e08f47606679ad9c276b132454d80b9a28ddc58c8f0
                                • Instruction Fuzzy Hash: 5451BEB8E54259DFCB04EFA8D4849ADBBB2FF49300F50482AE806EB365DB345941DF61
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5bb059fd6ed610318578b8b9126470f74e1f80d13ca9cce1dd999aacda9ec497
                                • Instruction ID: c16eb2e6371590d0c8af94b6fdd8413855c6a3e258d877d9df8c40e15d43460b
                                • Opcode Fuzzy Hash: 5bb059fd6ed610318578b8b9126470f74e1f80d13ca9cce1dd999aacda9ec497
                                • Instruction Fuzzy Hash: B05190B4E002289FDBA8CF58CC94BEDBBB1BB48314F5085E9D90DA7280DA755E84DF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d8dd9fbb930f46f9cfa498279ce61e43551b07ea6d0dd1160ce6dec78e8306a1
                                • Instruction ID: d38cb9cd7e2920cf768b911ccde3e3c10cfbe60441bb9c58bf85f7d7c1789d15
                                • Opcode Fuzzy Hash: d8dd9fbb930f46f9cfa498279ce61e43551b07ea6d0dd1160ce6dec78e8306a1
                                • Instruction Fuzzy Hash: 945194B0E002289FDBA8CF58DC95BE9BBB1BB49310F5081E9D909A7380DA745E84CF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bbd95749c6d583e90e88f4e8612fa225a48349d2b77f4e49b5de87730f0dc693
                                • Instruction ID: 77667c66cf4951a86100e5becaf1bd24dacbaa216e453edbe668c9df8ba30313
                                • Opcode Fuzzy Hash: bbd95749c6d583e90e88f4e8612fa225a48349d2b77f4e49b5de87730f0dc693
                                • Instruction Fuzzy Hash: D641CE70B047548FCB60CB78D5442AFBBF2FF84620F44886ED85AC7A54DA34E945CB81
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a28d5856e88cfcd47c5a229612452f4864a0bbee142fb21e924b3b187a7a926c
                                • Instruction ID: 751c5af24696ffb9ee2cea08fb8c335ff3589dd17717bc1888ef6f74dd2be591
                                • Opcode Fuzzy Hash: a28d5856e88cfcd47c5a229612452f4864a0bbee142fb21e924b3b187a7a926c
                                • Instruction Fuzzy Hash: AC519274E002289FDBA8CF58DC94BE9BBB1BB49311F5481A9D90DA7380DA755E84DF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f244fee24a7ba08b4eb30ea0ffa8db7c2382f3000e03fe57467b5135d657b129
                                • Instruction ID: 68ee19caeaa629f26d7d81fc01a32bcd6d62010e50eadec836c5248b1fc1432d
                                • Opcode Fuzzy Hash: f244fee24a7ba08b4eb30ea0ffa8db7c2382f3000e03fe57467b5135d657b129
                                • Instruction Fuzzy Hash: E3419D30A006158FCB15CF98D584A6ABBF5FF84310F49C979D849DB229D735EC85CBA0
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bfb354a127f60bc7197bad11655df2abdf76184a426789a566f3a008d2b49b21
                                • Instruction ID: c61191b8ab23111ec9525623e9f20cbcf5e74b05c5a4e17d80ef4f1e151d138f
                                • Opcode Fuzzy Hash: bfb354a127f60bc7197bad11655df2abdf76184a426789a566f3a008d2b49b21
                                • Instruction Fuzzy Hash: 4241D231B04609AFCB15DF68C845B9EBBB6FF86710F10416AE95AEB390DB30A905CB51
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aad40ca2b4f6a64c87264ca01da78e61dc562626b9e26aebabd5f3d4ad1e14b9
                                • Instruction ID: 0769cab13369f4a9232dfbd9aeb7dfcd57964f5089c357a9037b0b55cc971a12
                                • Opcode Fuzzy Hash: aad40ca2b4f6a64c87264ca01da78e61dc562626b9e26aebabd5f3d4ad1e14b9
                                • Instruction Fuzzy Hash: C1418D75A04B449FCB21CF69C844A6ABBF2BF88310F18895ED986D7A51DB34F904CF61
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 18564c8d75d4a557cbc221f2ea7dd76726d9e6a18f9df963381ca5fc1d2f4bc3
                                • Instruction ID: 4518061bb3c1f7858a41271caa6eb0c766ac0c394e18deddf70d7f516b4c0f03
                                • Opcode Fuzzy Hash: 18564c8d75d4a557cbc221f2ea7dd76726d9e6a18f9df963381ca5fc1d2f4bc3
                                • Instruction Fuzzy Hash: E451D3B4E01208DFDB19DFB9D594AEDBBB2BF88304F24812AE409AB350DB359941CF50
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4bcee1597d9a8dffd4b4edc3035f7a462192e9187091c401272d4237278302dc
                                • Instruction ID: e0cc1e951913f6e83f892069fcc8b17f45659cacc56b9a714607ab7b09f88069
                                • Opcode Fuzzy Hash: 4bcee1597d9a8dffd4b4edc3035f7a462192e9187091c401272d4237278302dc
                                • Instruction Fuzzy Hash: 2251C370E043289FDBA8CF58D894BE9BBB1FB49314F5441EAD909A7281DB705E84CF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 85c1201e31f62437aafb12d732d1ab5a5cca9914468bbfcfba374f9dde852f74
                                • Instruction ID: 9b06eb7961c2b137d43f04198f04871686f7396e51a70a1f963b654bae5650d7
                                • Opcode Fuzzy Hash: 85c1201e31f62437aafb12d732d1ab5a5cca9914468bbfcfba374f9dde852f74
                                • Instruction Fuzzy Hash: 7C519270E012289FDBA4CF98DC95BE9BBB1BB49314F5041EAD90DA7290DB745E84CF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 088bf02f02e0716533a4e5d4ab9f72742080084a62a8bf4cc0451cba72695b43
                                • Instruction ID: 4f63d794e7522392a3a2ecb943a598d55a05a614edefb6e55b478975d617de64
                                • Opcode Fuzzy Hash: 088bf02f02e0716533a4e5d4ab9f72742080084a62a8bf4cc0451cba72695b43
                                • Instruction Fuzzy Hash: 9A5191B0E002289FDBA8CF58DC94BE9BBB1BB49315F5081A9D90DE7380DA755E84DF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 62aea51e4706c66a576d2e493ce94d0b99d52154f3419c96f1e439640ded3f00
                                • Instruction ID: d1ae08d62c109326fe40bedaec431fd991166e42e7264599151b9fce199efb62
                                • Opcode Fuzzy Hash: 62aea51e4706c66a576d2e493ce94d0b99d52154f3419c96f1e439640ded3f00
                                • Instruction Fuzzy Hash: 3A51A571E002289FDBA8CF58D895BE9BBB1FB49314F5041E9D90DA7280DB745E84CF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 317429f0fb7e4e1213691ea69b38d6ec40c1ab38f00ef5caeae19d57902a2bcd
                                • Instruction ID: 889fa2b97f770c76b7ccab1abb7775b466d1581c9509f8df3d04a433e7e96ac5
                                • Opcode Fuzzy Hash: 317429f0fb7e4e1213691ea69b38d6ec40c1ab38f00ef5caeae19d57902a2bcd
                                • Instruction Fuzzy Hash: 1851A3B4E002289FDBA8CF58D895BE9BBB1FB49314F5081E9D90DA7280DB745E84CF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 62221df09f4d7cdaed169548baa579fc74245960925b8c5709143313ecaff359
                                • Instruction ID: e6912274104d9c20082daff652b3412cd2c099cc06cb37d4f75867a20a1c50b8
                                • Opcode Fuzzy Hash: 62221df09f4d7cdaed169548baa579fc74245960925b8c5709143313ecaff359
                                • Instruction Fuzzy Hash: D34192B0E002289FDBA8CF58D895BE9BBB1FB49314F5081E9D90DE7280DA755E84CF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2064640113.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5bd0000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 27212080641853028dedf12a9ec6f1d7ef7550863b3c8b9bc1c6b1ce13f45677
                                • Instruction ID: 03ce75f7190aa05fc18dde5642c987803c4aab5bcd0f7cf7f90d97a22d78e33b
                                • Opcode Fuzzy Hash: 27212080641853028dedf12a9ec6f1d7ef7550863b3c8b9bc1c6b1ce13f45677
                                • Instruction Fuzzy Hash: 2031F3366101049FCB05CF68D989EA9BBB2FF48320B1680A9FA099B372D731ED55DB40
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7f876738d42a6e6a44c53183a084f0cc6bff426dd7ede25bfa1bcafb9986ada3
                                • Instruction ID: 5a5628470b02b9d4ad0baf9fa605061948ffd799005a87fdbfbf3d8fa56bbd3a
                                • Opcode Fuzzy Hash: 7f876738d42a6e6a44c53183a084f0cc6bff426dd7ede25bfa1bcafb9986ada3
                                • Instruction Fuzzy Hash: 64416B71A002198FDB14CFA5C944ABEBBB2FF88315F108479E91AE7291EB34DD45CB91
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e30e9126a72a2a8a8de81371e8736c653ba7c699ad948c64b87f552e30697bc1
                                • Instruction ID: bff4947283c3e43f1eaa40719d1bf1b09516c75dd55c88a3520239ea4d63f772
                                • Opcode Fuzzy Hash: e30e9126a72a2a8a8de81371e8736c653ba7c699ad948c64b87f552e30697bc1
                                • Instruction Fuzzy Hash: B2418475E002289FDBA8CF98DC95BE9BBB1BB49314F5081E9D90DA7280DA755E84DF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6ecb17e638b813fb5afd4df9bc023bcbd0f18e618260c1c71a54d5445860b54a
                                • Instruction ID: 327dcc1ac329c72f0c828d78273f945cb85f4c949adc539828d424c90054f013
                                • Opcode Fuzzy Hash: 6ecb17e638b813fb5afd4df9bc023bcbd0f18e618260c1c71a54d5445860b54a
                                • Instruction Fuzzy Hash: 3F41A2B4E002289FDBA8CF58CC95BE9BBB1BB49315F5081E9D90DA7280DA715E84DF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e7bb302621b2769ed0cdb2ed5e334caf567ef8ccee5d3f12402dd93ba816369d
                                • Instruction ID: 9becba6b76f34907ae9d38145a770ced9cabf45a5167c91de253674fd9b9ecfb
                                • Opcode Fuzzy Hash: e7bb302621b2769ed0cdb2ed5e334caf567ef8ccee5d3f12402dd93ba816369d
                                • Instruction Fuzzy Hash: 3C41F574A112288FEB24DB28CC95F99B7B1FB49710F1041D9EA09EB391DA31ED81CF54
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 57bb6694ac9cd645905a1393a89bce9e4aefae6ce771052bc370d132f6fa3dd2
                                • Instruction ID: 5d641d76c0fe6713680226c778e91067120f070ea0dd5d2224c848c04e87953e
                                • Opcode Fuzzy Hash: 57bb6694ac9cd645905a1393a89bce9e4aefae6ce771052bc370d132f6fa3dd2
                                • Instruction Fuzzy Hash: 0041F274E042099FDB04CFAAD940AAEBBF2FB88304F14846AD819E3254D7789E45CF50
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e7bbd9d3e33f03cde5c7e5215710f56caeb94d74400d4e5c9fec99c8b70d6356
                                • Instruction ID: bde503b96b205bc0a99bb2c236e6b377802890f7ad183d13ca5d36a7a3defa1d
                                • Opcode Fuzzy Hash: e7bbd9d3e33f03cde5c7e5215710f56caeb94d74400d4e5c9fec99c8b70d6356
                                • Instruction Fuzzy Hash: 6E4182B4E002289FDBA8CF58DC95BE9BBB1BB49314F5081E9D90DA7290DA755E84CF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5e7108f3cff5145d8a1cf750bfb582ffd7cba444df483ecef432c8f6fd23afc2
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3576026ff88fb3db905fa8139134554080944062da314b108fdabc82c18c24a7
                                • Instruction ID: 2c718232af4ce62c1f8fc6bb251ffb945124896bc289514ec227918b7e66221e
                                • Opcode Fuzzy Hash: 3576026ff88fb3db905fa8139134554080944062da314b108fdabc82c18c24a7
                                • Instruction Fuzzy Hash: 601128B5B802109FCB44EB78D958D5A3BEAEF8D26031145AAE10ACB375DE38DC00CB60
                                Memory Dump Source
                                • Source File: 00000000.00000002.2042143641.000000000143D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_143d000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d9579f458f60c0eb6f58367a63653554b09dca7f29d731068ab30728a426a482
                                • Instruction ID: 0e4bb9caeb85cedd5a6f628f360a9749b1c73343fd226c15a9ea29761acb67db
                                • Opcode Fuzzy Hash: d9579f458f60c0eb6f58367a63653554b09dca7f29d731068ab30728a426a482
                                • Instruction Fuzzy Hash: D621B0754093808FCB03CF64D994716BF71FB8A614F2881DBD8458B663C33AD80ACB62
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 035575251d32e8dce905dd93182f24ae3bad4d220649adc19e31988c857f0931
                                • Instruction ID: 4fe13b3aa68ea2caf4edac3d1eb6d326dbedfffce681f52756783c77765ec6bb
                                • Opcode Fuzzy Hash: 035575251d32e8dce905dd93182f24ae3bad4d220649adc19e31988c857f0931
                                • Instruction Fuzzy Hash: F4115175B802105FCB44AB7CD55895D3BEAAFCE25031244A9E10ACF375EE39DD01CB60
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3ada2ac27096b243c701ec0cae640fe59d40c5d6fef2f8025702df542c703418
                                • Instruction ID: 37f45bfe0291e37205f51f1784c6287f6d179635b284791fa5b5e227b8deaf41
                                • Opcode Fuzzy Hash: 3ada2ac27096b243c701ec0cae640fe59d40c5d6fef2f8025702df542c703418
                                • Instruction Fuzzy Hash: 56118231B44165CFDB54CE64EC007DE77F6E789325F2080BADA09E7284D73658418B64
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b75621e9db6e1a5b95d3453d540ca561c5b1d90e1a92f9fad00b9ed77cc8a241
                                • Instruction ID: e2d7525b9fbf83631c1643720c24ea1e99375f08676fc47d2e22343a1c03768c
                                • Opcode Fuzzy Hash: b75621e9db6e1a5b95d3453d540ca561c5b1d90e1a92f9fad00b9ed77cc8a241
                                • Instruction Fuzzy Hash: 4C119A30A44284DFCB15CE24E5417A877F2EB85319F24D4BAD4069B3E9D77AAA46CB01
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8290412bebed4742e484b89e4e237526c9af09cf88a358c3165ca7682903c8c7
                                • Instruction ID: 8fc17bbaeb08a37d521253e55844e5a43db7c659eeda76f37d5ce588814acfa6
                                • Opcode Fuzzy Hash: 8290412bebed4742e484b89e4e237526c9af09cf88a358c3165ca7682903c8c7
                                • Instruction Fuzzy Hash: 43213C70A4021C9FDB50DF28E999BA9B7F5FB48315F1081E5D809EB291DB799E81CF40
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fd4684e490c36b62f181787babcff30e2ca107a71016c5f9e9fc0c073cb2cab9
                                • Instruction ID: 52b01b258ec4a57298078316104dce9cf04cf8e646fe3b672a55a74c76db6637
                                • Opcode Fuzzy Hash: fd4684e490c36b62f181787babcff30e2ca107a71016c5f9e9fc0c073cb2cab9
                                • Instruction Fuzzy Hash: 0A115971A0120DEFCB08DBA8E985AAEBBF2AF48710F144126E815E7360DB31DD018B90
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4210a1f39c2ea54c7bc93d20086df88264722d1c9ff05ef8a7e34c947cc1c783
                                • Instruction ID: 1a604e42c0348597cd382744210fb24680c832231ee3db792efde17ba7b28de5
                                • Opcode Fuzzy Hash: 4210a1f39c2ea54c7bc93d20086df88264722d1c9ff05ef8a7e34c947cc1c783
                                • Instruction Fuzzy Hash: AA1120B0D00209DBCB14CFAAC8446EEBBB6FB88311F10E03AD509B2254DB705A85CBA0
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6396fe31440099105452479e0f2c666c39b2a87b6baefaca246adce0e86a5c57
                                • Instruction ID: 5a8ff2361838299ae78f9426f6fd810edbf94986b8c6b80e91568c2cfc264e95
                                • Opcode Fuzzy Hash: 6396fe31440099105452479e0f2c666c39b2a87b6baefaca246adce0e86a5c57
                                • Instruction Fuzzy Hash: 8A21F531A80129CBDB60CF25EC487AD73B1EB08309F54A479DA0AEA2D0C7765995CF15
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8b49155227175a122844115a5be752e9cdd36079855ead14247e7cfa8ddf8889
                                • Instruction ID: b1e9f4367cc927357e56428ef6fdce9ef684af909677f2b8bf5f88dd6fa8328e
                                • Opcode Fuzzy Hash: 8b49155227175a122844115a5be752e9cdd36079855ead14247e7cfa8ddf8889
                                • Instruction Fuzzy Hash: B7115471B142099FCB54DF689856BAE7BF6FF88211F144425E90AD7380EA74C901DBA1
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6996df2e9fe3468374a5ddb1f5bab50d59483de350a584046aceada4be6b4126
                                • Instruction ID: 719c69ba1df766e2a55b4a14c1dc6157c4f81b9cdba995e3c642e2260f4fa762
                                • Opcode Fuzzy Hash: 6996df2e9fe3468374a5ddb1f5bab50d59483de350a584046aceada4be6b4126
                                • Instruction Fuzzy Hash: 7501263A690A6C9ADB11FFACD550AD87B65FF41310F000166DD148B242DAB9CE09C7D4
                                Memory Dump Source
                                • Source File: 00000000.00000002.2042015454.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_142d000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                • Instruction ID: 93374658f6a94288904d4a761357535ed614d443fc492f4bb399c3067e6acdda
                                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                • Instruction Fuzzy Hash: A911E172904280CFCB02CF44D5C4B16BF72FB84314F24C5AAD9094B267C336D49ACBA2
                                Memory Dump Source
                                • Source File: 00000000.00000002.2042015454.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_142d000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                • Instruction ID: b4a7089c8d74acac2217308e8b9f293b97b4b2f4bc7b7bb2c36eab3eba09e124
                                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                • Instruction Fuzzy Hash: 4511DF72804280CFCB12CF44D5C4B16BF71FB88314F24C5AAD9490B266C336D45ACBA2
                                Memory Dump Source
                                • Source File: 00000000.00000002.2064640113.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5bd0000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7d217b2031b1dfc4a0b78078098fd8dbb5177518b6a7edba82025d712cebd507
                                • Instruction ID: 406b2abef6768388bf566b58722a2d094da96e5764616caceec712e0e4e2229f
                                • Opcode Fuzzy Hash: 7d217b2031b1dfc4a0b78078098fd8dbb5177518b6a7edba82025d712cebd507
                                • Instruction Fuzzy Hash: 6F314FB8A05229DFDB64CF29D9849D9B7F1BB49300F1081EAE818A7794D634AF81CF50
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5f2f0d310a5f6427f0967eb674cc29e8dc8000d33423a061d17fcb3f103a562e
                                • Instruction ID: 8d2eb29e32ee18968127f313c14d6db33cf47a0f86d148bb1d605894d3afa733
                                • Opcode Fuzzy Hash: 5f2f0d310a5f6427f0967eb674cc29e8dc8000d33423a061d17fcb3f103a562e
                                • Instruction Fuzzy Hash: 5501B53191A208BFC751DBA8DD46BDEBFF9EB05204F1440E5E848D3291EB719D40DBA6
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e89077c294f767644d892f9ec92fcbbd5a2b1f9507c3c6965f07d6fe66282e90
                                • Instruction ID: 3d4b43b9ab05173f4ae1d4a444790d74d7827a4e9e7c3f1b3ac6540f1d925ca1
                                • Opcode Fuzzy Hash: e89077c294f767644d892f9ec92fcbbd5a2b1f9507c3c6965f07d6fe66282e90
                                • Instruction Fuzzy Hash: 01218079A422599FCB08CF58D594EADBBF2BF49304F104059F806EB360CB34AD41CB50
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 81f40c3c1050e270fdac3e5ecef2c42162ac77a223fe5db8f7bb48736c67981c
                                • Instruction ID: 2aa1675fa18c96447c17a1cd92c21cc372eec5c5e279c72f3e1b94a92c53e1bd
                                • Opcode Fuzzy Hash: 81f40c3c1050e270fdac3e5ecef2c42162ac77a223fe5db8f7bb48736c67981c
                                • Instruction Fuzzy Hash: D11106722102019FD7109B24D85A7ADBF6AFF80305F14887AD40A87685DF79D94ADB90
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3323275ee2f7afbf8edfb296dc17ea674f43c353f45762d73367e67629800b03
                                • Instruction ID: 36fa82b46f38ac760071553998d269854b8542442241549a3b9f153dbf240c7b
                                • Opcode Fuzzy Hash: 3323275ee2f7afbf8edfb296dc17ea674f43c353f45762d73367e67629800b03
                                • Instruction Fuzzy Hash: 99113071E0011E9BCB04DF9AD4809AEFBB6FF89204B24852AD519E7354DB31ED4587D1
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 359fe830fe90cd00b90692fc65a8173f8162cbdc44fb64544afcfdeca89ab534
                                • Instruction ID: a3c0798d18cf7f32bd406be5f7c5afdf211236334fc10630f1ba89493f3da1e7
                                • Opcode Fuzzy Hash: 359fe830fe90cd00b90692fc65a8173f8162cbdc44fb64544afcfdeca89ab534
                                • Instruction Fuzzy Hash: 35018436340214AFDB048E59EC84FAEBBE9FF88721F108026FA04CB390CAB1DD008790
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 23c4ea720639f9b32cbdeb0496ecaf43340de8714b1ebb44cffd21ee984d62de
                                • Instruction ID: 61b91b3b50b7e042af58f60eabaa2cd41bc3742ee0075d5dc8263cadcf4b44c8
                                • Opcode Fuzzy Hash: 23c4ea720639f9b32cbdeb0496ecaf43340de8714b1ebb44cffd21ee984d62de
                                • Instruction Fuzzy Hash: 2B01B971A1820D9FCB15CAA4E4496BD7FF7AF44116F0588AAEC0AD7240EB34CD84C754
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0f092b135a9f12bec76ef57d5a238178d95c0e69b045a4906a7cf0298240297d
                                • Instruction ID: 3a29e1034791419ab42558306ee74e1d429626777d50c0200bdc0fa5ada42c41
                                • Opcode Fuzzy Hash: 0f092b135a9f12bec76ef57d5a238178d95c0e69b045a4906a7cf0298240297d
                                • Instruction Fuzzy Hash: 33018C75B802115FC704EB78D45C8193BFAAFCD21030244AAE40ACF375EE39DD418B60
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 39a5cc69e81a24e49378c6d68298a9ca08e36e903ef1fd4b448a518bd77de764
                                • Instruction ID: ee046159cdb1bfbd8ae88a2b8a2c0649e7bda14972750b783ee40f743af698e5
                                • Opcode Fuzzy Hash: 39a5cc69e81a24e49378c6d68298a9ca08e36e903ef1fd4b448a518bd77de764
                                • Instruction Fuzzy Hash: EC016277300214AFD7058E59E885FAEBBE9EBD8622F15807AFA09CB351CA71DD148750
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1d88ed6b2ebf239337470d91c4f6bc1f513a791365a937fa8058e5911170d9ff
                                • Instruction ID: 65f3a739d2f9eb81518ff9eaadfd0aabd54f3d780a694909bec5bbf0f8b78590
                                • Opcode Fuzzy Hash: 1d88ed6b2ebf239337470d91c4f6bc1f513a791365a937fa8058e5911170d9ff
                                • Instruction Fuzzy Hash: 30019E32700218AFCB14DB58DD95B9EB7F6EF89310F1041A9E949E7361EE71AC448B91
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ec9eb528e41a72f13b77aed2f08b724b321d97ab5a1990d115d4c805dc410027
                                • Instruction ID: e4d53d39dd5f6aeafcdc955bd6b990885ec6f3a23ba405612eaf6644ff358a14
                                • Opcode Fuzzy Hash: ec9eb528e41a72f13b77aed2f08b724b321d97ab5a1990d115d4c805dc410027
                                • Instruction Fuzzy Hash: 041194B4E0022C9FDB68CF98CC95AEDBBB1BB88310F4481A9D90DE7350DA705E849F40
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8aafa7df3f4ba03999ad2b3b6531106be3cbe70d427ba1f1a34f03b884f3fce0
                                • Instruction ID: 638214a5d01502e03bbe0ddef88dac48840c31d9651ac08202e03d9804ec9948
                                • Opcode Fuzzy Hash: 8aafa7df3f4ba03999ad2b3b6531106be3cbe70d427ba1f1a34f03b884f3fce0
                                • Instruction Fuzzy Hash: 9D01BC75B901108FC754DB7CD41896E3BEAAFCD22031205AAE006CB375EE29DC06CBA0
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aee8eef6e4de50f32d1cef0c4cd47f0c19fdeb9b060b54a23889884c13cbd1aa
                                • Instruction ID: b4c8807dc88aa0f6c09c2642ecfdd7f9b568d03c1376d05568a224027be200eb
                                • Opcode Fuzzy Hash: aee8eef6e4de50f32d1cef0c4cd47f0c19fdeb9b060b54a23889884c13cbd1aa
                                • Instruction Fuzzy Hash: CE11397090960CCFE714CF5AE4847A9BBF6EB89351F5480BAE819E7290EB359C84CF01
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0f1b3917cec292c5341501bcfb377acd2e1000f9b065c818a1e3fbce95751638
                                • Instruction ID: 3baca5912ad355795b2dfe4c8470b4e24032ca15aac484496160db30912d99af
                                • Opcode Fuzzy Hash: 0f1b3917cec292c5341501bcfb377acd2e1000f9b065c818a1e3fbce95751638
                                • Instruction Fuzzy Hash: BC0180353006009FC7269624C558B7A3BA2EF85320F188A6CDD568B790CB79EC42D790
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: eb70a646d1a32b33e89af0b448eaacc261cacb81a53c51524aebb36039cf8e35
                                • Instruction ID: 646a2446d61f2a9066bf1f35a2beb098e173ba92344cb8eaa0c593deae96d791
                                • Opcode Fuzzy Hash: eb70a646d1a32b33e89af0b448eaacc261cacb81a53c51524aebb36039cf8e35
                                • Instruction Fuzzy Hash: 3EF027312441429FE3248E25F40879137E2BB86318F64C0B2E9004B2D9C7B61D82CF83
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 59c314b222a4d2ecc4bc0ba45129efe0475d718dcab86a8eb198fd3c401b011c
                                • Instruction ID: 1ee10b7a081a520767b0ea6ad7608ff56d066f8623a7cc9aa1e6ad533918176e
                                • Opcode Fuzzy Hash: 59c314b222a4d2ecc4bc0ba45129efe0475d718dcab86a8eb198fd3c401b011c
                                • Instruction Fuzzy Hash: C0F0E53260051297C7199A0CD845F9B7BAADB81310F068026FD08E7242CB71FC8586D5
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a7c2cfa1207b4578e22df8b80118988991bf97d4e14fd7418aff41a0c7c3f8de
                                • Instruction ID: 0aa2a47d393251a34b670ce2bd40df170fcf9c17d138402f65db94e6dc208cea
                                • Opcode Fuzzy Hash: a7c2cfa1207b4578e22df8b80118988991bf97d4e14fd7418aff41a0c7c3f8de
                                • Instruction Fuzzy Hash: A0F058B4D44208AFC754DFA8D841BADBBF8AB48310F24C1A9A848D3340D6399A02DF51
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1834a7b6dbf6090b91336c64f3c59ee2617be259179589ed262e5df6b774f0ec
                                • Instruction ID: 93c743bd9eea329277d2c53a1f8f98042978e2a2a2847a60a4dc1fc8ac810a48
                                • Opcode Fuzzy Hash: 1834a7b6dbf6090b91336c64f3c59ee2617be259179589ed262e5df6b774f0ec
                                • Instruction Fuzzy Hash: 6EF0E930180208CBE320CE16E108BA276ABF788325F15D175D51B436D4C775D9C2CB40
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 47f5b68107292d1859b5b5882fb656a8796caf492e8d1abdc0dcd5d03d64396c
                                • Instruction ID: a43a38fd96f608ca5a2b79d44369dae9e09e87b055a4838b82d2480224345594
                                • Opcode Fuzzy Hash: 47f5b68107292d1859b5b5882fb656a8796caf492e8d1abdc0dcd5d03d64396c
                                • Instruction Fuzzy Hash: 8EF05E32511B009BC32CCF26D445652BBE6FF49211B48852EE84BC2A60DB31E405CA44
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8881c72a217d0523fe1436a700f1c5543d7fdf8a22efaf3cdb726a884ec3778b
                                • Instruction ID: 0ca247af3ebd481dbb08c0cbfcac1211a03ec5f987b97a1d8ddd9806e0433407
                                • Opcode Fuzzy Hash: 8881c72a217d0523fe1436a700f1c5543d7fdf8a22efaf3cdb726a884ec3778b
                                • Instruction Fuzzy Hash: E5F0586190A385AFC702DB689A617893FB4EF02208F5504EBD848E7292E93D5E089762
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 29962a0f12cca2e8204ab1bf5fdf870032b0e9fe27d22945169f778e503737d2
                                • Instruction ID: 5643cbf576c429f5491df14f42922ce506704d476ea57218abb7a2db135ff5b2
                                • Opcode Fuzzy Hash: 29962a0f12cca2e8204ab1bf5fdf870032b0e9fe27d22945169f778e503737d2
                                • Instruction Fuzzy Hash: 53013134A002588FD754DF28EE58A9A77F1FB88304F1085B5940AEB350C73AAD41CF81
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7ee3a99f955e50221acb68ebbac845349b5ee9462b7a42e1c4410dd4cfc758ac
                                • Instruction ID: efbd0a9353da6416649857126a3deaa7409e64f11fafa19c145b68bc1d6440cc
                                • Opcode Fuzzy Hash: 7ee3a99f955e50221acb68ebbac845349b5ee9462b7a42e1c4410dd4cfc758ac
                                • Instruction Fuzzy Hash: 17F01C74D05208AFCBA4DFA8D9457DDBBF4EB49304F10C4A9DC08E3341D6359A12DB55
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 27e5ed5f361d1a235c8be67ba869986e65b3908cb7fcd28bd5fb60d8de1c9d58
                                • Instruction ID: 3ee25599bc627dccbc1de13c35863f974c912b3556501ae88a0e8fc62d0742e2
                                • Opcode Fuzzy Hash: 27e5ed5f361d1a235c8be67ba869986e65b3908cb7fcd28bd5fb60d8de1c9d58
                                • Instruction Fuzzy Hash: 1FF01C75905108ABC744DE98D4457ADBFF8EB49325F1480A9AC48D3391DA359E42DF50
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 03d73e707bf75a9a5a845f20e294f9ee839c7d35c9d919abfb3c610ef399559e
                                • Instruction ID: a74ab57c978840bc8c7723a1ece8eba98ca6004ad75c4e18fee7870b9001b818
                                • Opcode Fuzzy Hash: 03d73e707bf75a9a5a845f20e294f9ee839c7d35c9d919abfb3c610ef399559e
                                • Instruction Fuzzy Hash: 2701C4709015598FDB60CF69E585BACBBF2FB59310F5084AAE50AE3250DB349D84CF51
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 575fb0311c1fe54e9979900b377ee76aa7663e72ad63d62e9b047f492f16c06b
                                • Instruction ID: d4087eec74bb75e4e71c47d4c5bd5dab6d713010a13917318d585c9ed0e56958
                                • Opcode Fuzzy Hash: 575fb0311c1fe54e9979900b377ee76aa7663e72ad63d62e9b047f492f16c06b
                                • Instruction Fuzzy Hash: 70F0A47090551A9FD724DF29D484BACBBB1FB58345F5540AAE419E3650EB389D85CF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0a7b49cc979be7ad89cb69f3023f65ccd4532605378bab69dc436a956fa34070
                                • Instruction ID: 92d95f6fdaa65465a5fe269fa16cc2e23ce7285d01d7b7979aec29b924b78fc7
                                • Opcode Fuzzy Hash: 0a7b49cc979be7ad89cb69f3023f65ccd4532605378bab69dc436a956fa34070
                                • Instruction Fuzzy Hash: 99011934A015198FCB14CF55D585B9CBBF2FF59300F4040AAE909E3290DB349D84CF12
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 28f29fb45eda1172dfcf3f50be44dfad3879a3ef48382be6d62ebe10a560a7d2
                                • Instruction ID: 1164bfac02c7f187aa1a1a8b109625dffb0baae8814331bf69fc1b319e52b7ba
                                • Opcode Fuzzy Hash: 28f29fb45eda1172dfcf3f50be44dfad3879a3ef48382be6d62ebe10a560a7d2
                                • Instruction Fuzzy Hash: 4CF08270C1924CEFCB61DFA8D4555EDBFB5EB05304F1484EADC4893242E2358950DB41
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 18c496597678bd8fde87aa908f9466c72e858d95e9e4aad91523342c31835a89
                                • Instruction ID: 3d23abcd8b18289b137e600a0f7d812e64c73290400ab1eea9a75aa74ecaa423
                                • Opcode Fuzzy Hash: 18c496597678bd8fde87aa908f9466c72e858d95e9e4aad91523342c31835a89
                                • Instruction Fuzzy Hash: F5F01C74D04248EFCB80DFA9D850AADBFF9AB48311F14C49AAC58D3341D6359A11EF51
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 91e73c0992deb2267038da1dc0d21d5345d74760fc1ba3d7ac105e3fdb0e1dc5
                                • Instruction ID: c7dd9446d1605ab6e47bb505fec8301239ba99e3091e02504b2324205c874cc3
                                • Opcode Fuzzy Hash: 91e73c0992deb2267038da1dc0d21d5345d74760fc1ba3d7ac105e3fdb0e1dc5
                                • Instruction Fuzzy Hash: 3EF03A30A44129CFDF60EF69C8447A9B7B6BB88305F5081E9A00DA3644DF744E84EF20
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f1e3d6df340452b37292462d9903f9f0952e822b13f58fd3d3a16ad733a3bcc5
                                • Instruction ID: b5670b539bdd7aced213e1b457eaeece26e79047cfcadaf89f3996581af12ea8
                                • Opcode Fuzzy Hash: f1e3d6df340452b37292462d9903f9f0952e822b13f58fd3d3a16ad733a3bcc5
                                • Instruction Fuzzy Hash: 30F02BB51497C05FC32343206C656E73F35EB53366B48009AE985C7193D52E5826C7B1
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3caae8c63ce629d1cad334a0e3ba205f9b784a14dec53cf104fed9f5e7bf4f57
                                • Instruction ID: c68d6e5f63553b9749c5a1c33ca29ec825e27fc6046e07fa951972aa9cb66a04
                                • Opcode Fuzzy Hash: 3caae8c63ce629d1cad334a0e3ba205f9b784a14dec53cf104fed9f5e7bf4f57
                                • Instruction Fuzzy Hash: 58E0ED35518108AFC701CB58C800A9D7FB5AF0A22AF10C0C4E90987372D232CD96CB00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7934ccdf3b0e4dd99fa38dd0dee5e604b99daef5c50fc9ee44ad3b99f4b85e75
                                • Instruction ID: 74e3b0538bab01fd8e5780ac4dced3f08314318172c7e17cfd13a281d367e155
                                • Opcode Fuzzy Hash: 7934ccdf3b0e4dd99fa38dd0dee5e604b99daef5c50fc9ee44ad3b99f4b85e75
                                • Instruction Fuzzy Hash: 80F0B2749001188FDB60DFA5E594BACBBF1FB58300F5040AAE819A3681DB389D84DF25
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1c3176255b51d7aa18e5595fcdb907c738e3800128f81d03eb1bd6f373e5194c
                                • Instruction ID: ab0770e9c28456b47efba9d2138cd0509836436c1215bb3697977c1911b3f975
                                • Opcode Fuzzy Hash: 1c3176255b51d7aa18e5595fcdb907c738e3800128f81d03eb1bd6f373e5194c
                                • Instruction Fuzzy Hash: 24F0C474914958CFDB20DF25E494BACBBB1FB59304F5044AAE80AA7390DB399DC8CF01
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 28149e652c46402720659a715b690563add0878ff90ccd24c4d47c62d3697671
                                • Instruction ID: cec01952031d97cf7ee37e660ce6dbbc2ff2b980e8f50ee11b76022756f1f84f
                                • Opcode Fuzzy Hash: 28149e652c46402720659a715b690563add0878ff90ccd24c4d47c62d3697671
                                • Instruction Fuzzy Hash: 67F0C474905119CFEB14CF65E598BACBBB1FB58304F6001AAE409A3790DB389D84CF21
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 46dd56b1d8cb7207f6754d584217047c73be4d95a5f8a6ccd5fe8b3e4b3abd7f
                                • Instruction ID: c9edbef92837800aa81f27014e1c359a70907ccca2bdd94c2a64e31e679fe5f9
                                • Opcode Fuzzy Hash: 46dd56b1d8cb7207f6754d584217047c73be4d95a5f8a6ccd5fe8b3e4b3abd7f
                                • Instruction Fuzzy Hash: B701427494055ACFDB64CF59D884BADBBB2FB04204F0085A5E819E3651E73599809F11
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0adf5d9a243f5fde589377c095e45f84ce2035c197da3914783dba6bc4b991c5
                                • Instruction ID: df7765eeee5fb542ca07ebbcfa25ab071a5b780483bce48fef78316d4c3d1e72
                                • Opcode Fuzzy Hash: 0adf5d9a243f5fde589377c095e45f84ce2035c197da3914783dba6bc4b991c5
                                • Instruction Fuzzy Hash: 26F0C474904219CFDB10DF65E888BACBBB1FB58300F5001AAE809E33A1DB389C848F11
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1c5b4ce44e2b0f255601e375bcdf33597db61ccdab66d8d39389f999190f6989
                                • Instruction ID: 91246531f5a02bc81c2d175e44717c4a690aec3967de5aa1b52d051183271f8e
                                • Opcode Fuzzy Hash: 1c5b4ce44e2b0f255601e375bcdf33597db61ccdab66d8d39389f999190f6989
                                • Instruction Fuzzy Hash: 2FF06D74A04108ABC700DFA8D4457ACFBB4FF88315F1480EAD84897342C7319E42DB45
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b48af176c9eb87e2abc3e6a415216adba38cbaf76399f1bfb670d13d8d57bf6e
                                • Instruction ID: cc4ac87593aa869b3fe6b742d5e6bbe81f08e2be8f73780b07cace1783a327a5
                                • Opcode Fuzzy Hash: b48af176c9eb87e2abc3e6a415216adba38cbaf76399f1bfb670d13d8d57bf6e
                                • Instruction Fuzzy Hash: B5E09274909188DFC701CBA8DA516ADBBF5EB46325F1481DADC2993352C6399F02DF14
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 851c37537583971b447d2fb026c71874ca6d35aa3cbc81b8500cb838856baaea
                                • Instruction ID: 29f72fa11e1f60ea22d5741c2ff917792e225f4a9a736bfea73bfa25e55bb8b2
                                • Opcode Fuzzy Hash: 851c37537583971b447d2fb026c71874ca6d35aa3cbc81b8500cb838856baaea
                                • Instruction Fuzzy Hash: 2CF03930905108ABC700CEA8D9A2BD9FBB8EB85319F2080A9DC09A3340D6329E01CB84
                                Memory Dump Source
                                • Source File: 00000000.00000002.2064640113.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5bd0000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d24c5dcd48461be2a04ed6ae87b677a94427bf48bed1d54ceaf7110627ded6ce
                                • Instruction ID: cc1c1e232f553f41531a94273d68f8e0e9f4754fbcc6cd7076ac95da190d0d42
                                • Opcode Fuzzy Hash: d24c5dcd48461be2a04ed6ae87b677a94427bf48bed1d54ceaf7110627ded6ce
                                • Instruction Fuzzy Hash: 4CF0FF78A02218CFC764DF15E964AD9B7B6FB9D700F1041EAE509A3790DB346E84CF50
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fe962054607286d39a465ee9c4a75d36bbc0fcfca893c09ea041325b572adcf5
                                • Instruction ID: 0bc13c94371860746ab0ec3f75c2331b9e5f18c5d18a212bc85f6c2134314655
                                • Opcode Fuzzy Hash: fe962054607286d39a465ee9c4a75d36bbc0fcfca893c09ea041325b572adcf5
                                • Instruction Fuzzy Hash: 24E01A74915108AFCB80DBA8D9867DDBBF4EB58315F2480A99C0DE3341EB32DE46DB51
                                Memory Dump Source
                                Memory Dump Source
                                • Source File: 00000000.00000002.2064640113.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5bd0000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 067a7bdd1acb91d7568f97a20ddd078afb16911040b0071a687933da549434b8
                                • Instruction ID: ee9aa41da7842995d3ab4f76e30ac45809ee609855f2945c87f3de9ecd5098af
                                • Opcode Fuzzy Hash: 067a7bdd1acb91d7568f97a20ddd078afb16911040b0071a687933da549434b8
                                • Instruction Fuzzy Hash: B0E04F70D492089FC754EFB8D54429DBFB5EB49611F5041EEA849A3350D7706E44CB51
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 82cd1dc810306dc5559fa5e6ddeee6eb12a734f44bd3d5f859bc89f8dad1d39a
                                • Instruction ID: 799ed566203244705b5286b1ce813611b917b6af25832ba3f385a50b990274d2
                                • Opcode Fuzzy Hash: 82cd1dc810306dc5559fa5e6ddeee6eb12a734f44bd3d5f859bc89f8dad1d39a
                                • Instruction Fuzzy Hash: E8E0C2373040488BDB10CA3CF881FAAB7B5EB96371B20427AF194C72A0C212CC018AA0
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e2e74fc344aa37ebd42094d5e4cce58f088dbd9e18061a2328124eabcf146164
                                • Instruction ID: fd7a2a56f34fb06db948750b4fa32a2b5706319f4eafeca29ceaa2688cead843
                                • Opcode Fuzzy Hash: e2e74fc344aa37ebd42094d5e4cce58f088dbd9e18061a2328124eabcf146164
                                • Instruction Fuzzy Hash: A8D017327155210BDB15D62EAD62BEB37EADF8C618B144626E849C2308EE24DD0586D0
                                Memory Dump Source
                                • Source File: 00000000.00000002.2064640113.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5bd0000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 435fb41c6c17f0ff9282f878df7fea5e02a501e12964ab0dc854b0529d5139b9
                                • Instruction ID: 0a53441f82d6226c47e524d9f4acbae12d8d80b815fe84a7343f1007c3fd6695
                                • Opcode Fuzzy Hash: 435fb41c6c17f0ff9282f878df7fea5e02a501e12964ab0dc854b0529d5139b9
                                • Instruction Fuzzy Hash: 01E04F74909108ABC754DF98E5409ADBFB9AB49311F14C0D9D84857341C732AE51DB90
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 42da9c1e9cf001147680c59009fbcdcf42aa1e40a748ed48efd18912ee807c64
                                • Instruction ID: e122f63bacf9296949cfe128e36713bf224e9a24ea6d8b60ffeea7d3c5f86120
                                • Opcode Fuzzy Hash: 42da9c1e9cf001147680c59009fbcdcf42aa1e40a748ed48efd18912ee807c64
                                • Instruction Fuzzy Hash: B4F0D474A055298FD750EF68C9847D8B7B2FBAC300F1042EAD449A7390DB345D88CF10
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8dc9056d36b33b1198f53c10aca82a44d1ee311dc6664506a4838d9f8e859856
                                • Instruction ID: deba0ff32d460c71d748c59e9e46a980dfb5ca01327fd5e1e7c56663401cd3a5
                                • Opcode Fuzzy Hash: 8dc9056d36b33b1198f53c10aca82a44d1ee311dc6664506a4838d9f8e859856
                                • Instruction Fuzzy Hash: CFE0467091520CEFCB80DFA8D5456ACBBF4EB48215F2080E98C0CD3341E6329E41DB41
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c03454a4c12db13e40ec0b13bd1a9897b9c1fef336b8ad85501141ed584549e6
                                • Instruction ID: be80271937f729a954d6b676346127d9bcd94bef6c5d674a33087aa1637d8a57
                                • Opcode Fuzzy Hash: c03454a4c12db13e40ec0b13bd1a9897b9c1fef336b8ad85501141ed584549e6
                                • Instruction Fuzzy Hash: 2BE0C270A05509DFE704DF8AE094AACBBB2FB95354F54407AF812E72A0DB399C85CF00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 275bf31cf9ced218bd130a02843c6cebb0a6fccaef4894e91fc812c888462042
                                • Instruction ID: ec4eeb2836b33aa78b61bb18b49d6ad9c58a7aaa2bc90ae516057d7efa9662d9
                                • Opcode Fuzzy Hash: 275bf31cf9ced218bd130a02843c6cebb0a6fccaef4894e91fc812c888462042
                                • Instruction Fuzzy Hash: B7E046B4955208DFC780EFA8D544AACBFF4AB08321F1040EAE80893361E630DE40DB41
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f89ad6ace938f81ce8f3f8bc4f77307448d96316919714732a810b9c3f179aa1
                                • Instruction ID: b0ef82e2b5348bf3317c4737d7507df981b824c79a9bc1543a3da5fee5230466
                                • Opcode Fuzzy Hash: f89ad6ace938f81ce8f3f8bc4f77307448d96316919714732a810b9c3f179aa1
                                • Instruction Fuzzy Hash: 58E08C74959208EBCB04EFA8E9409ACFFB9EB45315F10C0A9EC0823351D6729E52EB80
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 751331d0ca534d63ee7970a4b557fc05ec8c81adf3994c6f99074326b2a998c8
                                • Instruction ID: b36cf9c3ec5d26fa1ec451736f4cfce25c05743fc36a99f3e7e6451a931c7127
                                • Opcode Fuzzy Hash: 751331d0ca534d63ee7970a4b557fc05ec8c81adf3994c6f99074326b2a998c8
                                • Instruction Fuzzy Hash: 6FE0BD2154D3C04FC717477808B80A43F72ED932283AE08CFC4C58E4B3C11A1A6BD766
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 317925c6a63810c9f17ca74ba917bb134be1f311e190be7933ed4711eed9c9c6
                                • Instruction ID: e0e9c86294c5ae2bcb213991f0e2f35698fcd07c72e4651e4bde199bac0fc019
                                • Opcode Fuzzy Hash: 317925c6a63810c9f17ca74ba917bb134be1f311e190be7933ed4711eed9c9c6
                                • Instruction Fuzzy Hash: 48E01A74D09108EFC704DF98D5555ACFBF4AB48215F20C0EADC4893341C6319E05DF44
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6f00608b9a4ec2af01ae0d31ae06c81e32df2d9c4604475192afc477fe79d3b8
                                • Instruction ID: 6a532f14ac4899dffbb90421e7ce297829a97efa8c6c7d69e5fbfaedba63092f
                                • Opcode Fuzzy Hash: 6f00608b9a4ec2af01ae0d31ae06c81e32df2d9c4604475192afc477fe79d3b8
                                • Instruction Fuzzy Hash: 1CE0C2B590D1048FD310CA94D6616ECBB38AB4232AB2484CE9C0897352CA368E03CB01
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 970dbf2afdaaf58ba2c4517e59a3b028343f9a89f5a32b8a369a2d11d7699a9b
                                • Instruction ID: 75cf672558a3a9f047f25db6ee3babaa237152371cb9b532c787d9caca97a844
                                • Opcode Fuzzy Hash: 970dbf2afdaaf58ba2c4517e59a3b028343f9a89f5a32b8a369a2d11d7699a9b
                                • Instruction Fuzzy Hash: 78E046B4A15208EFC780DFA8D5496ACBBF4AB08225F2080AD8D48D7342E7329E41CB81
                                Memory Dump Source
                                • Source File: 00000000.00000002.2064640113.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5bd0000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dcdd5ab05fe30c86e682948e98ff01b8397c455cd228a6f7edf899ce4d047860
                                • Instruction ID: 846f5a2966ab49241a35606ba24a04b2ff975858980752f511add5a729a1ab08
                                • Opcode Fuzzy Hash: dcdd5ab05fe30c86e682948e98ff01b8397c455cd228a6f7edf899ce4d047860
                                • Instruction Fuzzy Hash: FAE01A74D09108AFC704DB99D5445ACFBB9EF48311F14C1E9985993341C735AA01DB84
                                Memory Dump Source
                                • Source File: 00000000.00000002.2064640113.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5bd0000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dcdd5ab05fe30c86e682948e98ff01b8397c455cd228a6f7edf899ce4d047860
                                • Instruction ID: 2c00d0d87dc59e41240ab9c843276ae957d758278c20b0f665fce2f128570921
                                • Opcode Fuzzy Hash: dcdd5ab05fe30c86e682948e98ff01b8397c455cd228a6f7edf899ce4d047860
                                • Instruction Fuzzy Hash: 16E01A74D09148AFC704DFA8D5405ACFBB4EB48311F14C1E9D84853351CA31AA02DB80
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c1e81e20826f7c125c815bd9ecc66d60ec71aadc030632a8c339ae62aa216cfd
                                • Instruction ID: 5303a640f7e4f36f4423ada7841fa534bb9194c3fd16b757c750d36375ab783d
                                • Opcode Fuzzy Hash: c1e81e20826f7c125c815bd9ecc66d60ec71aadc030632a8c339ae62aa216cfd
                                • Instruction Fuzzy Hash: 8FF0A570E0220CCFDB50CF99D849B98BBF2BB45310F1481A5E408E3210D7309D85CF04
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 01b196a4711ac3c5107d27145fdcb0852b4c1fbc881e7ddd4439155b07a08056
                                • Instruction ID: 0f5667407d0f47fc95aaeb76656357efdffe2bfccaeb82ae8194370d56c9c359
                                • Opcode Fuzzy Hash: 01b196a4711ac3c5107d27145fdcb0852b4c1fbc881e7ddd4439155b07a08056
                                • Instruction Fuzzy Hash: CDE0EC7091620CDFC750DFA8D54A6ADBFB8EB05212F1040A9DC09E3250EA309E54DB51
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 462175d8739cd1eb0e746e6fb097f02793d820a7a96cbd66d12c54dd1ce19adf
                                • Instruction ID: c53f1161e2f1a60946a39dba93e446152b33af6c3fa6351adb0fb20717bc5a85
                                • Opcode Fuzzy Hash: 462175d8739cd1eb0e746e6fb097f02793d820a7a96cbd66d12c54dd1ce19adf
                                • Instruction Fuzzy Hash: 7FE08C74909108EBC704EF9CE9405ACBBB8AB45311F108098980827341DA329E02EB80
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 035e01ec441aa98a2b48d4432368053847a3f7db51b1c337550f28aa633404f1
                                • Instruction ID: f6d0c606eeec167e23a2cd804df4026dfca590c1d00bbf4612deb853de48d5e2
                                • Opcode Fuzzy Hash: 035e01ec441aa98a2b48d4432368053847a3f7db51b1c337550f28aa633404f1
                                • Instruction Fuzzy Hash: 5DE01270260208CFC320DF69E144A2233A3FB8C314F2680A2E90E476B9CB39AC45DE00
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aa6888167607c1d95e5827dcffda97c3c999d6150ab9a2452c0f3235a02ddad9
                                • Instruction ID: ddf918d4439899de50c30543d3f8c701d7da00adf25a5109f4952f4af9a867f6
                                • Opcode Fuzzy Hash: aa6888167607c1d95e5827dcffda97c3c999d6150ab9a2452c0f3235a02ddad9
                                • Instruction Fuzzy Hash: 25E0C270481108DFC700EFB4DA0869EBBBCEB49205F0045E6D408A3160EB715E00DBA2
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4ef50a553b4bca9c9069686fbecdc825a404db27c23f8646829f3302fc5ac22e
                                • Instruction ID: 13594b30203a43b71acc1b736002209e39b7f3efc888bf8e9ca74e5b3bce72ec
                                • Opcode Fuzzy Hash: 4ef50a553b4bca9c9069686fbecdc825a404db27c23f8646829f3302fc5ac22e
                                • Instruction Fuzzy Hash: D1E01270D5920CDFC740DFBCD54569DBBF4AB04211F1040E98C08E3251E7305E50DB41
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1348fbe5a23d4fdb98a30282f0eee0c355041a0ee726c8cff4910a05994ad19c
                                • Instruction ID: 7880e0e0cea7f9995dee57a4a842fec36c725e4012252627dc00bb3b8946de31
                                • Opcode Fuzzy Hash: 1348fbe5a23d4fdb98a30282f0eee0c355041a0ee726c8cff4910a05994ad19c
                                • Instruction Fuzzy Hash: 9EE08C34909108DBC708DF98E5825ACFBB8FB45326F10C198CC0863341CB32AE02DB80
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fd352cfbcbbdea3afbdab14a5e87cbcb0872b08c9152065161cf71e57b3ce755
                                • Instruction ID: 054bf427fe8481f2c1e1cfca01427505b39a934f507c777285f8a04c7902ddab
                                • Opcode Fuzzy Hash: fd352cfbcbbdea3afbdab14a5e87cbcb0872b08c9152065161cf71e57b3ce755
                                • Instruction Fuzzy Hash: 19E0EC70919208DFC754EFF8D5446ACBFB5AB0461AF6040E9CD08D6350E7319E50DB41
                                Memory Dump Source
                                • Source File: 00000000.00000002.2064640113.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5bd0000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 74a0a4aa3b19d851a37923f8f64ca9fabd1f3c200c6f5d569eccc35cadd07fe2
                                • Instruction ID: 890bf49698fcba11335f2001057a020f9c86b94f9bc3d18effe3a6a594606ed4
                                • Opcode Fuzzy Hash: 74a0a4aa3b19d851a37923f8f64ca9fabd1f3c200c6f5d569eccc35cadd07fe2
                                • Instruction Fuzzy Hash: 7CE0EC70956208DFC750DFA8D54A6ACBFB8AB05311F5051E9984993390EB706A94DB41
                                Memory Dump Source
                                • Source File: 00000000.00000002.2064640113.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5bd0000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9f9ba9b5ecc35c350f4769b05a166a0d495bdd456b497b97c7782758b787216e
                                • Instruction ID: d816c26d6d0daeef955ebe101c534a6361c6038dfb8d153c1711719f8f3e4a64
                                • Opcode Fuzzy Hash: 9f9ba9b5ecc35c350f4769b05a166a0d495bdd456b497b97c7782758b787216e
                                • Instruction Fuzzy Hash: 12E08C34909108DFC705DFA8E5506ACFBB4EB85311F5890DC880813342C772AE02DB80
                                Memory Dump Source
                                • Source File: 00000000.00000002.2064640113.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5bd0000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4737272973f7a5c5e9e9484504b173fed46188156c07906042e26af1d87c224d
                                • Instruction ID: 3c6cce2242d6d704927d52be803e2a5ff27c417b5c3a086d3200aa3f6a6fc2c3
                                • Opcode Fuzzy Hash: 4737272973f7a5c5e9e9484504b173fed46188156c07906042e26af1d87c224d
                                • Instruction Fuzzy Hash: 7EE0C270481108DFCB01EBF485046AE7BF9EB05200F0080E5D40893150EE315A00DBA2
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063509108.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5870000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3aee53f37a80fe8ab7a94e4c461719518fa8985fb3207020f37f88393f634286
                                • Instruction ID: efe9ed8f32b3150c6949b93e78d6f4cbd399c4992f858951f8a442e05e06f240
                                • Opcode Fuzzy Hash: 3aee53f37a80fe8ab7a94e4c461719518fa8985fb3207020f37f88393f634286
                                • Opcode Fuzzy Hash: 591620d3d80053cacdddda3f0cb9583e627e221c155615af1b63f3039739335b
                                • Instruction Fuzzy Hash: 2BB01130008A828AEB32833080202803A802B023A8FE008AC8080002008BBBA08AAA02
                                Memory Dump Source
                                • Source File: 00000000.00000002.2043986302.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2e10000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bc0f089188160d2f974b91109f709179b3acc20f84cddaf644c2b5e642d9d38d
                                • Instruction ID: c7798e33c620e4a9a1e10a81d5eb476ddb016f7017bfb687a0aee57340f7d75f
                                • Opcode Fuzzy Hash: bc0f089188160d2f974b91109f709179b3acc20f84cddaf644c2b5e642d9d38d
                                • Instruction Fuzzy Hash:
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2d218ce1c94a788a0f11c1ded89adb393ada48a88286faa624eb91974828ef01
                                • Instruction ID: bdfa9d963c5b37c9051682760f3c85a6b07ec896100410a9f303edaa1ebd738b
                                • Opcode Fuzzy Hash: 2d218ce1c94a788a0f11c1ded89adb393ada48a88286faa624eb91974828ef01
                                • Instruction Fuzzy Hash: B321CFB1E056189BEB28CF9BD84479EFAB7AFC8314F04C0AAD808AA254DB7419458F41
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ad6503a728d5026a3d85b630e0be6cc4db32463005e30a787479c14fd7a1e3a1
                                • Instruction ID: d7c2d62168ae56dd2d70776ade27f046360c1a76b13cad02fa2b33bdf71c7bd3
                                • Opcode Fuzzy Hash: ad6503a728d5026a3d85b630e0be6cc4db32463005e30a787479c14fd7a1e3a1
                                • Instruction Fuzzy Hash: F121C4B1D056189BEB28CF9BD8447DEFAF7AFC8304F14C07AD808AA264DB7519458F51
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b18316ccc4bdd5aca0740eb02f2489165f17612b2be53199e09b6589de05f5ef
                                • Instruction ID: e8da6dfc30b2a78a8404b972e6a7467e10f3a5dc3308e69c2f1af54dda681b46
                                • Opcode Fuzzy Hash: b18316ccc4bdd5aca0740eb02f2489165f17612b2be53199e09b6589de05f5ef
                                • Instruction Fuzzy Hash: 44110D71D146588BDB18CF6BCC442DAFBF3AFC9305F04C1BA9808AA254DB301945DF00
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2063413497.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5850000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: (_]q$(_]q$(_]q$(_]q
                                • API String ID: 0-2651352888
                                • Opcode ID: d53f4a6d7f786a24560d8979b1f9c194c2ca3115d2f3609912f4e62480218329
                                • Instruction ID: 7b8dbab4a5e4209a933f740405949e7d016e66ad40bc9cd2f0f85477d45a1da0
                                • Opcode Fuzzy Hash: d53f4a6d7f786a24560d8979b1f9c194c2ca3115d2f3609912f4e62480218329
                                • Instruction Fuzzy Hash: 2171CF70A043458FCB059F78C45596A7BF2FF8A310B1588AAE84ADB3A1DF35DC46CB90
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2062958315.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_5780000_rliquida____odefaturadepagamento.jbxd
                                Similarity
                                • API ID:
                                • String ID: -$/$c$l
                                • API String ID: 0-1015544082
                                • Opcode ID: ba500c0203afc6781f728a1a7efbce4dcd0ba1ea5ebb47d23cbf7ee909bc1278
                                • Instruction ID: a812512dc0a837fe3a0e2df29ec4c9fd49551b5956075b78bba17430a050937e
                                • Opcode Fuzzy Hash: ba500c0203afc6781f728a1a7efbce4dcd0ba1ea5ebb47d23cbf7ee909bc1278
                                • Instruction Fuzzy Hash: 101109B0D81258DEDB24EF64C598BFDBBB2BF09354F1494A9C00AB2241D7744AC49F15
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 80a274dd6fc3eddce48827b1b0fda66036b1c61555d05a8401006504fc3cdaf1
                                • Instruction ID: d164ca34824e3958e97df7d02ac0d21b99f26d0c459afb44ec08dea1cc9d80ed
                                • Opcode Fuzzy Hash: 80a274dd6fc3eddce48827b1b0fda66036b1c61555d05a8401006504fc3cdaf1
                                • Instruction Fuzzy Hash: 3E51AF70561707CFD2842B26F1AC16ABBA9FB6F327B816C04E62E8D015DB3958568B20
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e6c23fd4238527c717f5b2775cae96a9a988b805e04cb5c8da49a477b1678d04
                                • Instruction ID: 2b6ee801c57746c271fd26fbb5c1b5bdbaf6b695a7cd32820d3cc2f6df81d045
                                • Opcode Fuzzy Hash: e6c23fd4238527c717f5b2775cae96a9a988b805e04cb5c8da49a477b1678d04
                                • Instruction Fuzzy Hash: 73518274E01218DFDB58DFA9D5849DDBBF2BF89310F208169E419AB365DB31A806CF50
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bbdc02192fa9f85cac99190cd375610dd17a06a8c1a383203784b30aef6a6b80
                                • Instruction ID: aa1324a1840e58d1347cbe4b1aa4c84ef519c461af591e245258a78239ca69be
                                • Opcode Fuzzy Hash: bbdc02192fa9f85cac99190cd375610dd17a06a8c1a383203784b30aef6a6b80
                                • Instruction Fuzzy Hash: C151BA74E01208CFCB49DFA9D59099DBBF2FF89304B209469E805AB328DB35AD42CF50
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: df54d58cd61205898db7839f2d94afe62cb23e7f24235c5d5635b5b959af9332
                                • Instruction ID: fc3b5240cf556d1ce2552a4fb06dc4620e1654c27715cf2309d960274255669a
                                • Opcode Fuzzy Hash: df54d58cd61205898db7839f2d94afe62cb23e7f24235c5d5635b5b959af9332
                                • Instruction Fuzzy Hash: 0F416BB1A04249DFCF51CFA9C844A9EBFBAFF49310F018559E8159B291D335A916CBA0
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3097c29c7935cc14582150d93e30ac1113d7bb708245fa6f1ee26ec293c71b27
                                • Instruction ID: 95f7eee20ec4a0289668d563e896586aaf197c23fdc42c5df105369604e526af
                                • Opcode Fuzzy Hash: 3097c29c7935cc14582150d93e30ac1113d7bb708245fa6f1ee26ec293c71b27
                                • Instruction Fuzzy Hash: A5316F35700119AFDF169FA5D4546BF3BA7EB88310F004058F9268B294CB79EC61DBA4
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 273dba8791c48a83c7d79863a497393887c5356d1449c805b8e6489e5466aaf7
                                • Instruction ID: d4100e4e33e788e5b73f5794fe5aa5c6f0aa0a3482c03fa59a2e6c9034b584a9
                                • Opcode Fuzzy Hash: 273dba8791c48a83c7d79863a497393887c5356d1449c805b8e6489e5466aaf7
                                • Instruction Fuzzy Hash: 76216A7C3842068FDB665B3AC48463D36DB9FC8604B18407DD416CB3A0EE28DC02DF91
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 50e9ce256c25fb782c0febba9f96c3ce2fb3b77ca996ab38413f2d11d33de1ed
                                • Instruction ID: 04b6b2ca33d63a27ef5b125663c5ff9fbf75e908ca3eeebae36ca169c028a7e2
                                • Opcode Fuzzy Hash: 50e9ce256c25fb782c0febba9f96c3ce2fb3b77ca996ab38413f2d11d33de1ed
                                • Instruction Fuzzy Hash: AC21077C38020A4BEB655B2AC49467E329B9FC8714F24403CD426CB394EE29EC42DB91
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c5fea19ebe7ecd56fa6f6f7636cf5aaebf50daff32ad321b43e5405237bc418e
                                • Instruction ID: 99fb5b5a0afd91721d7aea58de6430c2af7c112adc1ccfcdd8ffdeb9dcf803fb
                                • Opcode Fuzzy Hash: c5fea19ebe7ecd56fa6f6f7636cf5aaebf50daff32ad321b43e5405237bc418e
                                • Instruction Fuzzy Hash: D8316870A005198FCB44DF69C889AAEBBB3FF85710F168159D5559B3B1C734ED02CB90
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7dba42d62985f3380dceb42f57009f380e527a49902bb17e8bff60ad182c8bfe
                                • Instruction ID: 242262a0a3e080a15c7da89ce98fb5f09b98a69046a0da0dbfe475f6ec6f3ca2
                                • Opcode Fuzzy Hash: 7dba42d62985f3380dceb42f57009f380e527a49902bb17e8bff60ad182c8bfe
                                • Instruction Fuzzy Hash: 9C212235B01A21AFC7259B6AD49852ABBA2FFC5710704416DE816CB344DF34FC038BC0
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9ece41c895482e441a9b67a3804caf50cc4771a0ac23f07c953093f2945d17f6
                                • Instruction ID: c585cfd5bad52ba8292cea996ae972a35bbe73e0d5afcf8504199e7275993965
                                • Opcode Fuzzy Hash: 9ece41c895482e441a9b67a3804caf50cc4771a0ac23f07c953093f2945d17f6
                                • Instruction Fuzzy Hash: BF212331C11219DEDB10EFE8E8946EDFBB0FF4A310F10962AD54477254EB316A9ACB80
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 86191895a515277f58c935972eccdb5448a0ee7a25e8332869c5fa6cb96d07b1
                                • Instruction ID: 631a62231119051fe0ee57abea8ecaef8013d7cf4d6ac138cf854265b4f7c742
                                • Opcode Fuzzy Hash: 86191895a515277f58c935972eccdb5448a0ee7a25e8332869c5fa6cb96d07b1
                                • Instruction Fuzzy Hash: FD21F436E002059FCB54DF64D850AAE37B5EB88254F10C45EE8098B344EB35FE46CBC2
                                Memory Dump Source
                                • Source File: 00000002.00000002.2357325140.00000000023ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 023ED000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_23ed000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 213eec2e058315c114c27f4c7484923c0975718534b9339034ed78512f02877a
                                • Instruction ID: 5e59b34ae937a03b8aa332a31ac396023e9370ebb220c0e2d5738f166b1a4984
                                • Opcode Fuzzy Hash: 213eec2e058315c114c27f4c7484923c0975718534b9339034ed78512f02877a
                                • Instruction Fuzzy Hash: 7D21F471604248DFDF09DF14D9C0F16BF69FFA4314F20C569E90A0A696C73AE41ACBA1
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a7149c8656acb7e7445c8a5180be35ea23cf602a3ad880d89cc23a828a53b64c
                                • Instruction ID: 4fc63f917755f317fe357531dd797d154e3c182086c1a287e4a29d5120cf4fba
                                • Opcode Fuzzy Hash: a7149c8656acb7e7445c8a5180be35ea23cf602a3ad880d89cc23a828a53b64c
                                • Instruction Fuzzy Hash: 02211D349012499FDB14DFB4D850AEEBBB2EB8A300F10A96CC45177394CB3A9916CF65
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a60a44691b161a498c4717397869f3a0eb1bbf329bf5dabe621eaa6e0813d36e
                                • Instruction ID: 8538165e9edf2de6c72212ccda4b27bc06031eb2e509b241e3d0968468f15346
                                • Opcode Fuzzy Hash: a60a44691b161a498c4717397869f3a0eb1bbf329bf5dabe621eaa6e0813d36e
                                • Instruction Fuzzy Hash: 0021AE31744219DFEB15AF69E4547BB3BA3EB88314F144069F8168B284CB38EC56CBE4
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1cb63d2bbdb92066c7976df657dd16e0cf25b3911165890f84bfdfd31d698669
                                • Instruction ID: d5d0ce9f069a6684ecfa25ea7f43230039c4ad2e3f8ac55b7ac745b71507d09f
                                • Opcode Fuzzy Hash: 1cb63d2bbdb92066c7976df657dd16e0cf25b3911165890f84bfdfd31d698669
                                • Instruction Fuzzy Hash: 97214374D082098FCB41EFB9C4546EEBFB0FF5A300F1041AAD845B7211EB359946CBA1
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 214914273d0dbfebe003b6209bbb78873ab52c41560ba7f3b49b90aaea736507
                                • Instruction ID: 7bf312f5d6e8906b3e3c7cc2d93ae6d51ba8a3e7c1b8d9b82420555ab73b5af3
                                • Opcode Fuzzy Hash: 214914273d0dbfebe003b6209bbb78873ab52c41560ba7f3b49b90aaea736507
                                • Instruction Fuzzy Hash: D131A578E11309CFCB45DFA8E59489DBBB6FF49305B209469E819AB328D735AD05CF40
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 311c25aeaffbe4178ed2328a84938e11545314fdbd3027667779452d12a4f0d5
                                • Instruction ID: 00084cf02072cb2574986bd0b3c349e953cf9302f9a58a2a40ced970d18cc272
                                • Opcode Fuzzy Hash: 311c25aeaffbe4178ed2328a84938e11545314fdbd3027667779452d12a4f0d5
                                • Instruction Fuzzy Hash: AE21E434A412089BDF08DFB4D850AEEB7B6FB89300F10A46DC416B7394DB3AA955CF65
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 811687ad865dce5b274f265263dd6a14fb66f62fd0ad75dc7f7dcc4e0c984495
                                • Instruction ID: 16c9c6619e23f84fc038713d0a5e108c3937d8515ef731d37bd8b3b971244d0f
                                • Opcode Fuzzy Hash: 811687ad865dce5b274f265263dd6a14fb66f62fd0ad75dc7f7dcc4e0c984495
                                • Instruction Fuzzy Hash: ED112531B01621AFC7199B6BD49892AB7A6FFC4750305006CE806CB350DF30FC028BC0
                                Memory Dump Source
                                • Source File: 00000002.00000002.2357325140.00000000023ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 023ED000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_23ed000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                • Instruction ID: d9e213f51a103b63adb647ac431a8e7361ed66cc51150fecf0386b3facd53661
                                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                • Instruction Fuzzy Hash: E111DF72504284CFCF16CF00D5C4B16BF71FB94324F24C5A9D90A0B656C33AE45ACBA2
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 98251c56d41c0eea28d4950f0c81ac9b3d0bd13dbdb111b59168c7dde58a93c0
                                • Instruction ID: 8218d0bbcd1c1ff5e42a548a4f1a4681086cee05d958eb3235fa2932a2ef047a
                                • Opcode Fuzzy Hash: 98251c56d41c0eea28d4950f0c81ac9b3d0bd13dbdb111b59168c7dde58a93c0
                                • Instruction Fuzzy Hash: 3421EFB4D0520A8FCB40EFA9D8955EEBFB0FF59301F10816AD815B7211EB345A4ACBA1
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: feb49dfd2fbb398aa1d523122bef7b147cf9e1872a02137d78291e54618e21a0
                                • Instruction ID: a0c8c5f808a2e06a99b65bf90c831c38d6bff56ab42c3126fcc9a19822060e39
                                • Opcode Fuzzy Hash: feb49dfd2fbb398aa1d523122bef7b147cf9e1872a02137d78291e54618e21a0
                                • Instruction Fuzzy Hash: 36012D72F041246FDF11CE6598006BF3FA7DBD8791B18806AF515D7290DA75DC028B90
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 71161d5efe828e1a943a578b1b955538cb4516fe47fa3f756ae1ea00a2a8f4be
                                • Instruction ID: febadb1f4f196a5e8ee353e4ad72e625dd36fd31ab4d1491b74294a10cc6aa9b
                                • Opcode Fuzzy Hash: 71161d5efe828e1a943a578b1b955538cb4516fe47fa3f756ae1ea00a2a8f4be
                                • Instruction Fuzzy Hash: 09E0D835D253B796CB21FB60D8444DEB730EF86314B55499AD06467051E730295FC752
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5b19eac6227dacec84b1f82b6d837c5c275336d138105bea0cceaf6068998333
                                • Instruction ID: 2d6707e3fd42b7d1f3103e89c27e73df1d19edefd0e9b4ef59037cf632b731a8
                                • Opcode Fuzzy Hash: 5b19eac6227dacec84b1f82b6d837c5c275336d138105bea0cceaf6068998333
                                • Instruction Fuzzy Hash: 67D05B31D2022B97CB11E7A5DC044DFF738EED5265B504626D51837140FB703659C6E1
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                • Instruction ID: 0b5eba717495e37d81ed87ce6490680aaf8fd39e6e2543308d9f0ede11324de8
                                • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                • Instruction Fuzzy Hash: 25C0123320C5282AA6A4208E7C48AA7AA8CF3C16B6A25013FF52C87240A846AC8011E4
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 66aad2591a2d60452290e3c72bd8360ae7ede07c2b10dd637aad28b523117ed1
                                • Instruction ID: df5af96a40b0ef01f058f45eff9868c8e0f87d64880cb585915a5a9417403952
                                • Opcode Fuzzy Hash: 66aad2591a2d60452290e3c72bd8360ae7ede07c2b10dd637aad28b523117ed1
                                • Instruction Fuzzy Hash: 0DD0677AB410189FCF049F99E8408DDBBB6FB9C221B048116E925A7261C6319925DB50
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3c5ae5821d6f801af56bfa0e04913699b637610697ba52066747d6e03f50ae8e
                                • Instruction ID: 51fdc3f64ae2acb934eca53c51c55350bf4dee77a968e0024a65d9b6306ca027
                                • Opcode Fuzzy Hash: 3c5ae5821d6f801af56bfa0e04913699b637610697ba52066747d6e03f50ae8e
                                • Instruction Fuzzy Hash: 36D05B785483454FC755F771F9554153F39EEC0308B5095E5E8150A16EEB7C4C0F8799
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 71831e4f6e800bdb933ee4008bc32f272ac99242e84aedd9f9d213ab63930bd9
                                • Instruction ID: 38f3c7dbce1b68efb309e17dbe7bd71b2a0a988ac9b508201752cc605a6243bf
                                • Opcode Fuzzy Hash: 71831e4f6e800bdb933ee4008bc32f272ac99242e84aedd9f9d213ab63930bd9
                                • Instruction Fuzzy Hash: 32C012345443094BC659FB76FA45916372EEEC0304F505564A01A0A12DEF7C5C498798
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID: Xaq$Xaq$Xaq$Xaq
                                • API String ID: 0-4015495023
                                • Opcode ID: fa6d7ceaa3b62b395313a1ec9700185440b8cccadb3253ceb483ff846f7aa773
                                • Instruction ID: 9d149b0b8b7298322a19afb40957d81725feb8d7bdde0008b83357f9218496e9
                                • Opcode Fuzzy Hash: fa6d7ceaa3b62b395313a1ec9700185440b8cccadb3253ceb483ff846f7aa773
                                • Instruction Fuzzy Hash: 7671B532E043198FDFA59FA8C9407EEBBB6FF88300F1445A9C515A7251DB349A85CB92
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2360629263.0000000004AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_4ac0000_InstallUtil.jbxd
                                Similarity
                                • API ID:
                                • String ID: \;]q$\;]q$\;]q$\;]q
                                • API String ID: 0-2351511683
                                • Opcode ID: 925dfbd0abfc2b20c32a1cd286a0342466dfe3b1338c95ac3284ca0ba816202e
                                • Instruction ID: 9dc1bad2eb6976359506edfd4594bc9019024968d8f0ae71d2e3db9692a978bb
                                • Opcode Fuzzy Hash: 925dfbd0abfc2b20c32a1cd286a0342466dfe3b1338c95ac3284ca0ba816202e
                                • Instruction Fuzzy Hash: 4F01BC317401148FE7A4CF2CC59092677FAAF88B60325856EE401DB3B0EA32EC418781

                                Execution Graph

                                Execution Coverage:11.6%
                                Dynamic/Decrypted Code Coverage:98.1%
                                Signature Coverage:0%
                                Total number of Nodes:310
                                Total number of Limit Nodes:12
60607->60609 60609->60526 60611 58c44ed WriteProcessMemory 60610->60611 60613 58c45cd 60611->60613 60613->60541 60615 58c44e5 WriteProcessMemory 60614->60615 60617 58c45cd 60615->60617 60617->60541 60619 5961d20 60618->60619 60620 5961d59 60619->60620 60628 5962496 60619->60628 60633 596243b 60619->60633 60620->60556 60624 5961d37 60623->60624 60625 5961d59 60624->60625 60626 5962496 2 API calls 60624->60626 60627 596243b 2 API calls 60624->60627 60625->60556 60626->60625 60627->60625 60629 59624bb 60628->60629 60638 58c3a65 60629->60638 60642 58c3a70 60629->60642 60634 5962443 60633->60634 60636 58c3a65 CreateProcessA 60634->60636 60637 58c3a70 CreateProcessA 60634->60637 60635 59625e2 60636->60635 60637->60635 60639 58c3af0 CreateProcessA 60638->60639 60641 58c3cec 60639->60641 60643 58c3af0 CreateProcessA 60642->60643 60645 58c3cec 60643->60645 60674 134d01c 60675 134d034 60674->60675 60676 134d08f 60675->60676 60678 599d6b8 60675->60678 60679 599d711 60678->60679 60682 599dc48 60679->60682 60680 599d746 60683 599dc75 60682->60683 60686 599de0b 60683->60686 60687 599cad0 60683->60687 60686->60680 60689 599caf7 60687->60689 60691 599cfd0 60689->60691 60692 599d019 VirtualProtect 60691->60692 60694 599cbb4 60692->60694 60694->60680 60720 58d7575 60721 58d757f 60720->60721 60728 58ba7d8 60721->60728 60737 58ba7a0 60721->60737 60747 58ba793 60721->60747 60757 58ba818 60721->60757 60771 58ba7e8 60721->60771 60722 58d6f8f 60729 58ba7dc 60728->60729 60729->60722 60733 58ba818 2 API calls 60729->60733 60780 58ba92c 60729->60780 60785 58bad8d 60729->60785 60790 58ba828 60729->60790 60795 58baa6a 60729->60795 60800 58ba8ba 60729->60800 60730 58ba813 60730->60722 60733->60730 60739 58ba7a1 60737->60739 60738 58ba7ae 60738->60722 60739->60738 60741 58ba8ba 2 API calls 60739->60741 60742 58baa6a 2 API calls 60739->60742 60743 58ba818 2 API calls 60739->60743 60744 58ba828 2 API calls 60739->60744 60745 58bad8d 2 API calls 60739->60745 60746 58ba92c 2 API calls 60739->60746 
60740 58ba813 60740->60722 60741->60740 60742->60740 60743->60740 60744->60740 60745->60740 60746->60740 60748 58ba79c 60747->60748 60749 58ba7ae 60748->60749 60751 58ba8ba 2 API calls 60748->60751 60752 58baa6a 2 API calls 60748->60752 60753 58ba818 2 API calls 60748->60753 60754 58ba828 2 API calls 60748->60754 60755 58bad8d 2 API calls 60748->60755 60756 58ba92c 2 API calls 60748->60756 60749->60722 60750 58ba813 60750->60722 60751->60750 60752->60750 60753->60750 60754->60750 60755->60750 60756->60750 60758 58ba81c 60757->60758 60762 58ba81e 60757->60762 60759 58ba7f0 60758->60759 60758->60762 60765 58ba8ba 2 API calls 60759->60765 60766 58baa6a 2 API calls 60759->60766 60767 58ba818 2 API calls 60759->60767 60768 58ba828 2 API calls 60759->60768 60769 58bad8d 2 API calls 60759->60769 60770 58ba92c 2 API calls 60759->60770 60760 58ba813 60760->60722 60761 58baa7f 60761->60722 60762->60761 60763 58c49d8 VirtualProtect 60762->60763 60764 58c49d0 VirtualProtect 60762->60764 60763->60762 60764->60762 60765->60760 60766->60760 60767->60760 60768->60760 60769->60760 60770->60760 60772 58ba7e9 60771->60772 60774 58ba8ba 2 API calls 60772->60774 60775 58baa6a 2 API calls 60772->60775 60776 58ba818 2 API calls 60772->60776 60777 58ba828 2 API calls 60772->60777 60778 58bad8d 2 API calls 60772->60778 60779 58ba92c 2 API calls 60772->60779 60773 58ba813 60773->60722 60774->60773 60775->60773 60776->60773 60777->60773 60778->60773 60779->60773 60782 58ba8a4 60780->60782 60781 58baa7f 60781->60730 60782->60780 60782->60781 60805 58c49d0 60782->60805 60809 58c49d8 60782->60809 60787 58ba8a4 60785->60787 60786 58baa7f 60786->60730 60787->60786 60788 58c49d8 VirtualProtect 60787->60788 60789 58c49d0 VirtualProtect 60787->60789 60788->60787 60789->60787 60792 58ba829 60790->60792 60791 58baa7f 60791->60730 60792->60791 60793 58c49d8 VirtualProtect 60792->60793 60794 58c49d0 VirtualProtect 60792->60794 60793->60792 60794->60792 60797 58baa70 60795->60797 60796 58baa7f 
60796->60730 60797->60796 60798 58c49d8 VirtualProtect 60797->60798 60799 58c49d0 VirtualProtect 60797->60799 60798->60797 60799->60797 60801 58ba8a4 60800->60801 60802 58baa7f 60801->60802 60803 58c49d8 VirtualProtect 60801->60803 60804 58c49d0 VirtualProtect 60801->60804 60802->60730 60803->60801 60804->60801 60806 58c49d8 VirtualProtect 60805->60806 60808 58c4a8e 60806->60808 60808->60782 60810 58c4a21 VirtualProtect 60809->60810 60812 58c4a8e 60810->60812 60812->60782 60646 58d7084 60647 58d708e 60646->60647 60653 58c6c68 60647->60653 60657 58c6cc0 60647->60657 60661 58c6cb0 60647->60661 60665 58c6c78 60647->60665 60648 58d6f8f 60654 58c6c78 60653->60654 60654->60648 60669 58c71a2 60654->60669 60658 58c6cd5 60657->60658 60660 58c71a2 2 API calls 60658->60660 60659 58c6ceb 60659->60648 60660->60659 60662 58c6cba 60661->60662 60664 58c71a2 2 API calls 60662->60664 60663 58c6ceb 60663->60648 60664->60663 60666 58c6c7d 60665->60666 60666->60648 60668 58c71a2 2 API calls 60666->60668 60667 58c6ceb 60667->60648 60668->60667 60671 58c71c6 60669->60671 60670 58c6ceb 60670->60648 60671->60670 60672 58c49d8 VirtualProtect 60671->60672 60673 58c49d0 VirtualProtect 60671->60673 60672->60671 60673->60671 60716 58c3250 60717 58c329f NtProtectVirtualMemory 60716->60717 60719 58c3317 60717->60719
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                • API String ID: 0-3443518476
                                • Opcode ID: 9a3bd17efdd8815d79d4e723372c460869bac6537ee1a3f8e7d5c681e0e72a3b
                                • Instruction ID: bcbd23e2e9a785d96d672d5ab854aa5d66e73d9d2b3cd2f532c7b8080c058a34
                                • Opcode Fuzzy Hash: 9a3bd17efdd8815d79d4e723372c460869bac6537ee1a3f8e7d5c681e0e72a3b
                                • Instruction Fuzzy Hash: 38B2E774A002189FDB18DFA8C994FADB7F6BB48700F158599E905EB2A5DB70EC41CF60
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2196821262.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_53f0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q$x
                                • API String ID: 0-2848505956
                                • Opcode ID: d45325ac9c139968dbc869f380707d9aaf8e7f8fea4b64724fa4b295a43f2530
                                • Instruction ID: 0c2857038175988ad3878183fc38350d8d1222d0ab9472905b3802a470d04e3e
                                • Opcode Fuzzy Hash: d45325ac9c139968dbc869f380707d9aaf8e7f8fea4b64724fa4b295a43f2530
                                • Instruction Fuzzy Hash: EEF2C770909389DFDB1ACBA8DC58BAE7FB5BF06301F1540A6E601AB2D3C7B45845CB61
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: f36ac63bb9520858d89b186d111b49d1505f247200ce7238e0064eab2f6d843f
                                • Instruction ID: 54049dc363dcb3b7a8d1f7344692ea88251beb2e7e2277a4e810a18ed4e41d7e
                                • Opcode Fuzzy Hash: f36ac63bb9520858d89b186d111b49d1505f247200ce7238e0064eab2f6d843f
                                • Instruction Fuzzy Hash: D0F1B070E05218CFDB64DF6AD885BA9FBF2BB49304F1085AAD80AE7255DB305D85CF21

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: $]q$$]q
                                • API String ID: 0-127220927
                                • Opcode ID: 55259c21f7af8964e9c963d1256a7fcf03fbb9ad52e69fc6fffc2ed951f3f1a4
                                • Instruction ID: 4aba4c848faddfa00bed7e6c1532b1bce7067a93d87b8a5d0c76f32574ef0870
                                • Opcode Fuzzy Hash: 55259c21f7af8964e9c963d1256a7fcf03fbb9ad52e69fc6fffc2ed951f3f1a4
                                • Instruction Fuzzy Hash: A5225730A102199FCB15DFA4D894AAEBBF2BF48300F148459E812EB395DB349D46DFA1

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2196821262.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_53f0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q
                                • API String ID: 0-3120983240
                                • Opcode ID: 825b6044f3c022c3c99b7a8612b44c73e5288027b0388b800b2295f67027b4be
                                • Instruction ID: ef52a4c31a3b4c6fa4a14050e47815dbb450c866b1134df53ffe50410a8f0e5c
                                • Opcode Fuzzy Hash: 825b6044f3c022c3c99b7a8612b44c73e5288027b0388b800b2295f67027b4be
                                • Instruction Fuzzy Hash: 12F1E438E05208EFCB18DFA9E4986EDBBB6FF49305F20812AE506A7355DB705985CF50

                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2196821262.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_53f0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q$4']q
                                • API String ID: 0-3120983240
                                • Opcode ID: 54a4f8c6771e077519c6d89e738d6b4e6af934fa6eaede75369afd1ad259fc68
                                • Instruction ID: f0582bc69bf271b189cb7cb5df0ce428b415e6f6b23d1b1a0f02db2a8d6f6257
                                • Opcode Fuzzy Hash: 54a4f8c6771e077519c6d89e738d6b4e6af934fa6eaede75369afd1ad259fc68
                                • Instruction Fuzzy Hash: E0A1E174E00209CFDB19DFA9E598AEEBBB6FF88301F508029E916A7350CB755946CF50
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: (aq$Haq
                                • API String ID: 0-3785302501
                                • Opcode ID: 00f999ebe7045c17dfb9ae1b1cf4ae11209b18d0e7c063e3e799355ccbcbd72b
                                • Instruction ID: 1350b76458e76527e47f2d6911fb4ab480fec70306b53c0e9a4ff6f67a8b717e
                                • Opcode Fuzzy Hash: 00f999ebe7045c17dfb9ae1b1cf4ae11209b18d0e7c063e3e799355ccbcbd72b
                                • Instruction Fuzzy Hash: BF517B307446058FC719AF68C49493EBBB6BF95205B5484ADE906DB3A1DF31DC02CBA6
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: ,aq
                                • API String ID: 0-3092978723
                                • Opcode ID: 118da023cf40dc80551618cf50927d291dc51b909b09408520e26fee1a28ea40
                                • Instruction ID: 311a70e68558d05c3cfddbf9b8b15698604066523233135bf1486d495f614fd9
                                • Opcode Fuzzy Hash: 118da023cf40dc80551618cf50927d291dc51b909b09408520e26fee1a28ea40
                                • Instruction Fuzzy Hash: 93521D75A002288FDB64CF69C985BDDBBF6BF88300F1585D9E509AB351DA309E81CF61
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: (_]q
                                • API String ID: 0-188044275
                                • Opcode ID: d16537ef00be72b712862365891081c6dc1ae0052c5879ada8844d4da39f0499
                                • Instruction ID: deb35220d4f0c0d824b0afe56e8d8074bfb9b3ddd379807354222cb5626beb57
                                • Opcode Fuzzy Hash: d16537ef00be72b712862365891081c6dc1ae0052c5879ada8844d4da39f0499
                                • Instruction Fuzzy Hash: B1226731B102099FCB14DFA8D490A6DBBF2FF88314F148469E906DB3A5DA75EC41DBA0
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0599D074
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198280521.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5990000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: a8087e291b58aaed3e82341f2a5a6ef8bb35b0f4e733de9473ad673e955d5872
                                • Instruction ID: 9f3b08712a8baed2dc17286bf7a4e23f70527e71999397638ed461015700c4ed
                                • Opcode Fuzzy Hash: a8087e291b58aaed3e82341f2a5a6ef8bb35b0f4e733de9473ad673e955d5872
                                • Instruction Fuzzy Hash: 153198B4D012489FCF14CFA9D984A9EFBB5BF49310F10942AE819B7210D735A945CFA4
                                APIs
                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0599E237
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198280521.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5990000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 7f49aaaf6aaf9de49e1ef1aeb4f28439ebff597563c63645f4f4493bd7f0ee98
                                • Instruction ID: f555737ee31a559d21a9d8522d1fb0dd9c2ee5837c7db5c937632fde5bc4c198
                                • Opcode Fuzzy Hash: 7f49aaaf6aaf9de49e1ef1aeb4f28439ebff597563c63645f4f4493bd7f0ee98
                                • Instruction Fuzzy Hash: F63198B8D002589FCF14CFA9D984AAEFBB5BF49310F10942AE819B7210D735A945CFA4
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2196821262.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_53f0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: 4']q
                                • API String ID: 0-1259897404
                                • Opcode ID: e6133be07db186293c2ed554660d01e6a7ea2c34ed2946cb0d0ce955adddb036
                                • Instruction ID: 6e76e0d6f9aec28a4fe16339001011abc3d8d18d2389bf5f788031e40c6e9022
                                • Opcode Fuzzy Hash: e6133be07db186293c2ed554660d01e6a7ea2c34ed2946cb0d0ce955adddb036
                                • Instruction Fuzzy Hash: E3214934E04209CFDB18DFA9D448AFEBBB6FB44301F108029E626A7291DB746985CF90
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: =
                                • API String ID: 0-2322244508
                                • Opcode ID: f9fcd2b57487cd89329b61e0642079f6aba11ffa625eab157b620081765e6970
                                • Instruction ID: a94f4bb67ec9f9dc2686bee58235e5a57101da20605acbfe108623c0f1cad9b8
                                • Opcode Fuzzy Hash: f9fcd2b57487cd89329b61e0642079f6aba11ffa625eab157b620081765e6970
                                • Instruction Fuzzy Hash: FE112274A4222ACFCB28DF98C949BAAB7B2BB49304F1044E9D409A7B44C7785E85CF41
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: Te]q
                                • API String ID: 0-52440209
                                • Opcode ID: 01ff86504aed4b58a6c7c4b0d85edaea80dc655a93cedf8f339b27f7d6c6f314
                                • Instruction ID: 2e81017ad63f1b3f45673273d49b9b195035397b506109f9b958144a8dac46aa
                                • Opcode Fuzzy Hash: 01ff86504aed4b58a6c7c4b0d85edaea80dc655a93cedf8f339b27f7d6c6f314
                                • Instruction Fuzzy Hash: F711CBB4A0121C8FCB54EF68D890B9DBBB2BB49314F6045AAE809A7254DB706E85CF51
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: o
                                • API String ID: 0-252678980
                                • Opcode ID: fc2d03e74ae6ddd9344eeaa3f10d64d17977bf5ef94cca07067c0146d8ef1dcf
                                • Instruction ID: b3c1f64451a840fb313be61d39870fe9d9b92c338b87595102e04569f3f2eb00
                                • Opcode Fuzzy Hash: fc2d03e74ae6ddd9344eeaa3f10d64d17977bf5ef94cca07067c0146d8ef1dcf
                                • Instruction Fuzzy Hash: 68F06C74D107A8CFDBA1DF14C8587AABBF6BB08306F1485E5D819A6280DB355F848F11
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID: /
                                • API String ID: 0-2043925204
                                • Opcode ID: 3424461426547ed011541ef39119584078b079e2e28f77c71ff15375eb948252
                                • Instruction ID: be3ae969029bcfc09df03d935a4f80c0da4ea61e6618a8be7f66b43cf674aaf0
                                • Opcode Fuzzy Hash: 3424461426547ed011541ef39119584078b079e2e28f77c71ff15375eb948252
                                • Instruction Fuzzy Hash: 30D09E3450121DCFCB50DF24D958B59BBF6AB04309F0046E4940597225DB745E88CF11
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5f28c42c8ff015ca66fe8d787ed0e71cecd78de3ce0d873e9652831b27964289
                                • Instruction ID: 4ddbbcde7b398a6397591725d08bdfbf3aa41587f2222de33102dbaca371a169
                                • Opcode Fuzzy Hash: 5f28c42c8ff015ca66fe8d787ed0e71cecd78de3ce0d873e9652831b27964289
                                • Instruction Fuzzy Hash: 89A18835A102489FCB15CFA9D485AADFBF2FF89312F11806AE811DB391DA31DD42CB60
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 50ce2e88304c7e574422ecd2c2bbe9266ed4b27059a18e02a540d4fda3d8e4b2
                                • Instruction ID: 5203c2e040cd4887e03fdea1e28d92b37b6e27c5813df0d3432221545a47fa3a
                                • Opcode Fuzzy Hash: 50ce2e88304c7e574422ecd2c2bbe9266ed4b27059a18e02a540d4fda3d8e4b2
                                • Instruction Fuzzy Hash: D761F378E94218DFCB04DFA9E884AADBBB2FF88315F108429E416B7354CB345945CF51
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fcf919e80efed61a024469f2493c9c0ff1777226cb3d97cee9aa49a4b4c57214
                                • Instruction ID: fa37d13e6f24f10f52ef455239a466b35e91c5df42cebebbd8a0e3a202f4546b
                                • Opcode Fuzzy Hash: fcf919e80efed61a024469f2493c9c0ff1777226cb3d97cee9aa49a4b4c57214
                                • Instruction Fuzzy Hash: F541D0756052489FCB09CF68D894BAEBFF5EF46311F2480AAF901DB392CA759C01CB61
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 77c817742cf8415e87427356e3b4d3eb021d896148f8bce84a37c5403e5ec715
                                • Instruction ID: 45fc0bdadb5faa59b88324a907df82ac3335330c14dd6a12165c3f9795c0868d
                                • Opcode Fuzzy Hash: 77c817742cf8415e87427356e3b4d3eb021d896148f8bce84a37c5403e5ec715
                                • Instruction Fuzzy Hash: B13106366101049FCB05DF69E898EA9BBB2FF48321B0684A8F6099B372D731ED55DF40
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6b14bd7e0a941b3f5dfc235767618830a2c7623a6982e6c9e9b5d7efb40406dc
                                • Instruction ID: cc741ecc6ab3a2eb5292f19e84c2f301135ae6f205ac84cb6d3eb4bcc7f4a509
                                • Opcode Fuzzy Hash: 6b14bd7e0a941b3f5dfc235767618830a2c7623a6982e6c9e9b5d7efb40406dc
                                • Instruction Fuzzy Hash: F741E535A012288FEB24DB28D995FA9B7F1BB59710F1041D9EA05AB391D631ED81CF60
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dcf3c6c05472b51b1177f1ee3e0eaf5b74810582b1ccaeba7719d11e451cb535
                                • Instruction ID: 50bf36052a0b20bf06c5a7da3fb048e02f42e49aec8ba178c002d6e7e9951970
                                • Opcode Fuzzy Hash: dcf3c6c05472b51b1177f1ee3e0eaf5b74810582b1ccaeba7719d11e451cb535
                                • Instruction Fuzzy Hash: D231FE74E04209DFDB04DFAAD840AAEBBF2FB88314F10C469D815E3258D7349942CFA0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 25a4c85b8fd7ccf52840f8be79f7b3f1be9c731ca02c4218e6c272f78d6e1c98
                                • Instruction ID: 3af17ab6d31a4020d330ac93422ffd8e161fc7e5dc5ed28a9231ebcf7f364dbb
                                • Opcode Fuzzy Hash: 25a4c85b8fd7ccf52840f8be79f7b3f1be9c731ca02c4218e6c272f78d6e1c98
                                • Instruction Fuzzy Hash: BD31EE74E042099FDB04DFAAD840AAEBBF2FB88314F10C469D815E3258D7349942CBA5
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3fc8760769c366652c26d8707de017f32155befdec58ac95323fae97057bde15
                                • Instruction ID: 8565dbc8eb66b2d6387dfe74f5ba7c7e3d30281ec0a9fc92aa357e7dc7c2c303
                                • Opcode Fuzzy Hash: 3fc8760769c366652c26d8707de017f32155befdec58ac95323fae97057bde15
                                • Instruction Fuzzy Hash: 5E31F070D0920CCBDB08CFAAD544BEEBBF6BB49314F108029E815B7250E7755E44CBA1
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 103b7dd83a712d5db31c3e361124f00ca07d5add8f8fa6d55559740d05c310ef
                                • Instruction ID: 48fd19a7df48f0287efc5c697807c8b1129bcafae2368eba2e65d2bce83e9e1e
                                • Opcode Fuzzy Hash: 103b7dd83a712d5db31c3e361124f00ca07d5add8f8fa6d55559740d05c310ef
                                • Instruction Fuzzy Hash: 4A311774E012099FDB05DFA9D854AEEBBF6FF88310F10846AE806B7264DB345841CFA1
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 37e48093152c802216c63c40526d5b4704bc98b40651a220fd8f1c92870241fc
                                • Instruction ID: 43f5b101d4ea72ce34f2d0bd0d9237541fba7169c0c2f52aec644677fa0a1ef0
                                • Opcode Fuzzy Hash: 37e48093152c802216c63c40526d5b4704bc98b40651a220fd8f1c92870241fc
                                • Instruction Fuzzy Hash: 16311170905258CFDB50EF99D858BADFBF2FB49304F1081A9E80AE7254D7749985CF21
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 517049659454f64ea99f48f3077758bc0ce3484d3f6f83c92f208b8d7064e589
                                • Instruction ID: 1fdfd8ff06ef0714c19e5e2633e200f960b06b8daaac982f018476dedd179996
                                • Opcode Fuzzy Hash: 517049659454f64ea99f48f3077758bc0ce3484d3f6f83c92f208b8d7064e589
                                • Instruction Fuzzy Hash: 5F31D174D4520DCBDB08CFAAD544BEEBBF6BB49314F10802AE815B7250E7745A44CF61
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4e8f8e07eba3b9dee633b05d4ab66a7d6d0743f6c1af0a213317717e786849d2
                                • Instruction ID: f663056ed8084d13d34b92b88a71f5fe2dc33f4ff45553d169cddbe465906761
                                • Opcode Fuzzy Hash: 4e8f8e07eba3b9dee633b05d4ab66a7d6d0743f6c1af0a213317717e786849d2
                                • Instruction Fuzzy Hash: AD312774E0020D9FCB04EFA9E9856EDBBF6FF88210F148465E809B7264EB345C41CBA1
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 01431bf5b207ba13746517c9e2228cf18bc7e57a5bffa6b27a1c87a39289e98b
                                • Instruction ID: 0997d2b637a7f0c8bf39fcde2c9ef432087adb6ef9fcd7686fafacb5ed97fb71
                                • Opcode Fuzzy Hash: 01431bf5b207ba13746517c9e2228cf18bc7e57a5bffa6b27a1c87a39289e98b
                                • Instruction Fuzzy Hash: 1F212F35A101099FCB18DF69C4459EEBFB6FB8C320F148229E815A7394DA759C42DF60
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4b0d690dc590661be630517589a7d11ed0b10e43bc2c3a9fe0bc18dd1afd382c
                                • Instruction ID: d1b2c53e41515b4d9505f28707a362459bd1aea911b260f8f04bc5529464fb87
                                • Opcode Fuzzy Hash: 4b0d690dc590661be630517589a7d11ed0b10e43bc2c3a9fe0bc18dd1afd382c
                                • Instruction Fuzzy Hash: 672192306102059FCB04AB68E859BAEBFEAEF85314F408538E00ADB654DF759C0687A1
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 955659630645e661cf640c8c4d0313ee5557b80a07f1e48626dacafea84ea43f
                                • Instruction ID: cd55c0617a84fa3fec5271c985e61fe780aa079b86d24dbda38dbba2b98c4a5f
                                • Opcode Fuzzy Hash: 955659630645e661cf640c8c4d0313ee5557b80a07f1e48626dacafea84ea43f
                                • Instruction Fuzzy Hash: C3317EB8A05228DFDB64CF29C9849D9BBF1BB48304F1081DAE818A7795D734AF81CF50
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b96de450a05ccc2a9e9098c1b4341be867b508e02e22973abc50cc7314c8d288
                                • Instruction ID: 299d1ef057af82d6e9b1842447d789e6ec85f39efadd94e02a772227c7d26edf
                                • Opcode Fuzzy Hash: b96de450a05ccc2a9e9098c1b4341be867b508e02e22973abc50cc7314c8d288
                                • Instruction Fuzzy Hash: 66119131B102059FCF54DE699845BAEBBF6EF89611F054029F906DB380DA70C9029BB1
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 71632048e984bd219d295ee1d8e14821c16ed6066a32249fd4571325408213ec
                                • Instruction ID: b1dc821e0a9d22c48eb0f0664408fe9fc52b7d2a8a2c56efc1282880266fdd3d
                                • Opcode Fuzzy Hash: 71632048e984bd219d295ee1d8e14821c16ed6066a32249fd4571325408213ec
                                • Instruction Fuzzy Hash: 6E01B5326082586FD754DEADD040AEAFFF4FB55321F2580ABE884C7250D632ED90CBA0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 68d26d130693222e0c1e6af9dd9bba7bc29af8450835017ae4305f4c981e2d0c
                                • Instruction ID: e20d0891d1f7ced5e7f45bf060d959457f277d6d4ace2f8c4bd6add0c4ef2ce7
                                • Opcode Fuzzy Hash: 68d26d130693222e0c1e6af9dd9bba7bc29af8450835017ae4305f4c981e2d0c
                                • Instruction Fuzzy Hash: 5601D8363452545FC7199F29E888D5BBBE9EF9563071544AAE941C7322DA70DC0087B0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cf62bf130e8fe38294c76908a108b105bd467e02c533c10b18379593a885ea9e
                                • Instruction ID: 2e74be5697fa6d79333d6fc8128c12dc2547b6676d3bfae20dcb780433443a3e
                                • Opcode Fuzzy Hash: cf62bf130e8fe38294c76908a108b105bd467e02c533c10b18379593a885ea9e
                                • Instruction Fuzzy Hash: 05018836340254AFD7048E59DC84FABB7E9FF88721F108026FA14CB390CA71DC118760
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f3a14ef8859f2cb61006b9ddfc8b1150c8bd0d51049b71e8f5aad35dfd57b1ee
                                • Instruction ID: 59fcbdc6ead51e7faaa7673fecafad54050df5223154088430570217aac835f0
                                • Opcode Fuzzy Hash: f3a14ef8859f2cb61006b9ddfc8b1150c8bd0d51049b71e8f5aad35dfd57b1ee
                                • Instruction Fuzzy Hash: 3511C9B4E0020A9FCB44DFA9D9456AFFBF5FF88300F10846AD819A7355DB349A41CB95
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fba27da78d705add4ea2fe9a8ab0f04d28b871c9636a6393c729da2a1f6acc3f
                                • Instruction ID: 852f6efa6d7bb8c65ba2080612206ab2870736b3803a1ff9bac106ca0406fc43
                                • Opcode Fuzzy Hash: fba27da78d705add4ea2fe9a8ab0f04d28b871c9636a6393c729da2a1f6acc3f
                                • Instruction Fuzzy Hash: CEF02D32B0C2155FEB1A96549810B5AFBE9EBC9320F144466D806DB351CA75DC41C3B0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5cdfa1cb40496b3d9d81804395004028be7b5d3a6aa8e026755e28ed2176f171
                                • Instruction ID: 1b8a3163d8713c1ec4b6977c14c76ec8adaa49f55699c158326e0f771c2bd805
                                • Opcode Fuzzy Hash: 5cdfa1cb40496b3d9d81804395004028be7b5d3a6aa8e026755e28ed2176f171
                                • Instruction Fuzzy Hash: 7EF0F072B4D2905EEB2A53381C11325EBE19BD6205F6884AAC842CF2A6D99A8C02C360
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 55d43eaac6856a5d2e2f3356bbfc188a4af0fbe5533859fde434048f82af91ae
                                • Instruction ID: 80b9e40c876e91e0d0630f42daaaf4ab30cf79cf6602fc05b7d88bc3a6d6430c
                                • Opcode Fuzzy Hash: 55d43eaac6856a5d2e2f3356bbfc188a4af0fbe5533859fde434048f82af91ae
                                • Instruction Fuzzy Hash: 41F0C271A182549FDB0ACB64E459ABDBFF3AB84215F0484EAE80AD7190EB744E85C760
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4952312544b2226ca196acbc5fa72cbda82f61edc5a5f99009fa8295f9fac99e
                                • Instruction ID: f114cbd10c7b52e1bdbad3c8ce91f7b9c20a2af7a1aa6053c4a3862cdd420535
                                • Opcode Fuzzy Hash: 4952312544b2226ca196acbc5fa72cbda82f61edc5a5f99009fa8295f9fac99e
                                • Instruction Fuzzy Hash: 47F05931B042115FE71996199C10B2BF7EDEBC8310F148439E80ADB350CA72EC41C3A0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2b34b996032be8ec4479bec558ff8aa2eff44ea3e877c9a119373cf57a0e2099
                                • Instruction ID: ed48b2ead8f5f0109364662c55552189fe3bafbc5dc6d727bbd81634c41dd349
                                • Opcode Fuzzy Hash: 2b34b996032be8ec4479bec558ff8aa2eff44ea3e877c9a119373cf57a0e2099
                                • Instruction Fuzzy Hash: E6F05E36300240AFC7098E69E884E9BBBF9FF99622B148579F905C7320DA71EC108760
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c6819c9371d4480be5cf4ed85b1cbbf173cb5bf2e6d57aa73659ca46e7834069
                                • Instruction ID: 99ab4b5a9bf15590eb880d2686baaa143a4a172114f7225de3ddd0c45280ed07
                                • Opcode Fuzzy Hash: c6819c9371d4480be5cf4ed85b1cbbf173cb5bf2e6d57aa73659ca46e7834069
                                • Instruction Fuzzy Hash: B0117574A152188FCB65DF28D894B99B7F5BF49305F4095E9D40AA7390EB306F85CF40
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ed15390f97fccafb41b7a77447fda1b90cba38e2077cc68e6f47d53dce556194
                                • Instruction ID: e3a83184160fa51b4e4b1055abc99de42f5ecd05e5aff1a16bbe3a96a9a1ffed
                                • Opcode Fuzzy Hash: ed15390f97fccafb41b7a77447fda1b90cba38e2077cc68e6f47d53dce556194
                                • Instruction Fuzzy Hash: CEF03074D092089FCB59EBA8D45969CFBF5EB45314F14C0EACC08D7352E6365D06CB51
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2a8e7d7600a2da452266e4d017bc943047cb50d1f961a184cc01ac3425d9a496
                                • Instruction ID: 47c355465f381e0a0bfc0ffe8adb2454c0b1a2aaf17b5c5d1f42a5ebc2566423
                                • Opcode Fuzzy Hash: 2a8e7d7600a2da452266e4d017bc943047cb50d1f961a184cc01ac3425d9a496
                                • Instruction Fuzzy Hash: C4F0E778A41218CFC724EF19E968AE97BB6FB88304F1080D9E509A3354CB346E84CF50
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2a7d6cb72fade42c20991bea11bcb4dace19513083dcf8c4826fa5da7dacb16c
                                • Instruction ID: dcd70a51e1145dc7acc8a1a9b4b616507fa0b2cb90d42074320708e3dad156c4
                                • Opcode Fuzzy Hash: 2a7d6cb72fade42c20991bea11bcb4dace19513083dcf8c4826fa5da7dacb16c
                                • Instruction Fuzzy Hash: C2F01438900558CFCB10DF18E494BACBBB1FB88318F4080AAE809A7340CB345DC8CF20
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 45929ab9123f13ae3deef9cf7cc0d86a77168994331f540739e77b7adaee7b39
                                • Instruction ID: 20833b54ba22d70b5468b2cb762a60ed9f38ad4a682ae1b1b1421979232f421f
                                • Opcode Fuzzy Hash: 45929ab9123f13ae3deef9cf7cc0d86a77168994331f540739e77b7adaee7b39
                                • Instruction Fuzzy Hash: 59019274940559CFDB60CF59D854BACBBF5BB04310F0080E6E809E3640EB305D808F21
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 18fb4e32162b47e1cd349c1b2417a81838bcff51ee71861596c5f3cc7691117d
                                • Instruction ID: 145095f7a00aadd896668c725e962720932c872e79ba32119f0b6c059019ee35
                                • Opcode Fuzzy Hash: 18fb4e32162b47e1cd349c1b2417a81838bcff51ee71861596c5f3cc7691117d
                                • Instruction Fuzzy Hash: B0E0397091420CAFCB44DFA8D9457A8FBF5EB05208F2040A9DC08D3340E6329E42DBA1
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 42bb415dd78f13a013f9665c74dd7aa052e77cd3071a23e4d6da06e3f54de410
                                • Instruction ID: 135da3194c0d4b2184586e5b08618c10869cfb0456f48949b74b57c185079d30
                                • Opcode Fuzzy Hash: 42bb415dd78f13a013f9665c74dd7aa052e77cd3071a23e4d6da06e3f54de410
                                • Instruction Fuzzy Hash: 10F09270E06318CBEBA4CF669848BA9F7F6BB89304F909469D80DE7254EB309D40CB14
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ff59c4d899440bddb7cc73967eeff082335b2011324d660815598caad8dfd80f
                                • Instruction ID: 5c181409e3b32bc6e4bca2db702863dbf18355f4709a8f48428d48a781f8b26b
                                • Opcode Fuzzy Hash: ff59c4d899440bddb7cc73967eeff082335b2011324d660815598caad8dfd80f
                                • Instruction Fuzzy Hash: 5EF05874E08248AFCB40DFA8E50469DBBF4AB89314F14C0ED9848A3342D6329A01CF42
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9a6d29979eda36f994a493aa52a7d04ecabe3a99a23e72a3eeab77bfc498abb5
                                • Instruction ID: aca85d64a6d602e9bdd8505f52185afcccf622666b31b312c8e5fa3f57e725ed
                                • Opcode Fuzzy Hash: 9a6d29979eda36f994a493aa52a7d04ecabe3a99a23e72a3eeab77bfc498abb5
                                • Instruction Fuzzy Hash: D2E0E57486520CAFCB50DBA9D446399BFF9AB05215F1040A9EC04A3250EA755E50D7A5
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 96d2bc4796bfe9d3a4ae7dfc899349b02a10fcdcc31c2e8768d55ac86610051c
                                • Instruction ID: 174eae417ed26a704fbb53e38a2ef2e3fee1901dd8ca74530730c0de60d6087e
                                • Opcode Fuzzy Hash: 96d2bc4796bfe9d3a4ae7dfc899349b02a10fcdcc31c2e8768d55ac86610051c
                                • Instruction Fuzzy Hash: AFE0C974D05208EFCB84DFA8D541A9DBBF5EB48310F10C5A99C19A3345D6359A51DF80
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 96d2bc4796bfe9d3a4ae7dfc899349b02a10fcdcc31c2e8768d55ac86610051c
                                • Instruction ID: 201a32bee6c07e8635ce976cc1bf667d5677b813aed6729dfcf27920f6231a8f
                                • Opcode Fuzzy Hash: 96d2bc4796bfe9d3a4ae7dfc899349b02a10fcdcc31c2e8768d55ac86610051c
                                • Instruction Fuzzy Hash: FDE0C974D09208EFCB44DFA9D540A9CBBF5EB48310F10C5AA9C09A3351D7369E51DF90
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 96d2bc4796bfe9d3a4ae7dfc899349b02a10fcdcc31c2e8768d55ac86610051c
                                • Instruction ID: 636cc204bd61313abad0bb6b6d9183e92cc767a42ad6d7dbcc3a5750ce958062
                                • Opcode Fuzzy Hash: 96d2bc4796bfe9d3a4ae7dfc899349b02a10fcdcc31c2e8768d55ac86610051c
                                • Instruction Fuzzy Hash: A6E0C274E05208EFCB44DFA8D540AACBBF6EB48310F10C4AAAC09A3341D636AA51DF81
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 96d2bc4796bfe9d3a4ae7dfc899349b02a10fcdcc31c2e8768d55ac86610051c
                                • Instruction ID: 5a7d5386655f92de71f7febb20e7ae7fe1883e7a60cbf34e511ca2e59efd2b7f
                                • Opcode Fuzzy Hash: 96d2bc4796bfe9d3a4ae7dfc899349b02a10fcdcc31c2e8768d55ac86610051c
                                • Instruction Fuzzy Hash: 82E0C974D05208EFCB84DFA8D940A9DBBF6FB48310F14C4A99C18A3341D6369E51DF80
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 88d17c195bdacc5fc3abf7285a49f48d6e7aa4d4b1f813ca0becb67bbaed4aed
                                • Instruction ID: 989072a4662f12dc49f43ff83c99118986fc23f078798e9e0f414d8e024b33c4
                                • Opcode Fuzzy Hash: 88d17c195bdacc5fc3abf7285a49f48d6e7aa4d4b1f813ca0becb67bbaed4aed
                                • Instruction Fuzzy Hash: 82F03A38A4122ACFC718DF58C958EAA77B2FB89304F1080E89119B7744CA386F848F11
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0312cc9fe81d7ca8c12cb7fddaa2fb684079f4ff774f227ab4782e89c096301f
                                • Instruction ID: a416491b478a8decf93a7ee67800bce82ad13b9a577120b4188af9676af72564
                                • Opcode Fuzzy Hash: 0312cc9fe81d7ca8c12cb7fddaa2fb684079f4ff774f227ab4782e89c096301f
                                • Instruction Fuzzy Hash: DFE086303503045BCB28A56D5840B75B7EE9B46615F910869AE05EF280D962EC4187B6
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 58276d3f904f0015a6af663da87db5b7fbc3b5c03a96ee148e5fb30cc2af814f
                                • Instruction ID: 56c05c2943b8bc208020d7481fd9bc0b7b4cf85a8c3b5fb2979ba3ba988408c3
                                • Opcode Fuzzy Hash: 58276d3f904f0015a6af663da87db5b7fbc3b5c03a96ee148e5fb30cc2af814f
                                • Instruction Fuzzy Hash: 6BE0DF7480A208ABCB15DB74F8002ADBFB9AB12306F9006E9D80827301C6315E40DBA2
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 34df7f27e5c34b908d1e6457afc010d6dfa72ad126df21e3e173fd59f8ed1240
                                • Instruction ID: 9b99861e91372054d0421524b5361aa80a3062a01891eddfd63bc7107ff24a84
                                • Opcode Fuzzy Hash: 34df7f27e5c34b908d1e6457afc010d6dfa72ad126df21e3e173fd59f8ed1240
                                • Instruction Fuzzy Hash: 71E0DF34D09208DFC710EFBCD44469C7BF9AB05311F1040A99809A3340DB342E44CB81
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 220008e5613a3bc0f4102aaeed2073e21d14e96fb537d1c75f2fed306e3ee9b8
                                • Instruction ID: f783ad862894c3c723609c3a21215165e1b8796c03b2bd037559b1cfb8a3ec82
                                • Opcode Fuzzy Hash: 220008e5613a3bc0f4102aaeed2073e21d14e96fb537d1c75f2fed306e3ee9b8
                                • Instruction Fuzzy Hash: 18E0C974D05208AFCB44DFA8E54469CFBF5EB48314F10C0A99C18A3341D6369E01CF40
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 220008e5613a3bc0f4102aaeed2073e21d14e96fb537d1c75f2fed306e3ee9b8
                                • Instruction ID: 4727a94e2703fa2bc39f311b1f4cf4b1be2a90e17eff665e44a0cdbd44fe3af2
                                • Opcode Fuzzy Hash: 220008e5613a3bc0f4102aaeed2073e21d14e96fb537d1c75f2fed306e3ee9b8
                                • Instruction Fuzzy Hash: 7CE0C274E05208AFCB84EFA8D5446ACFBF5EB48314F10C1AADC08A3341D635AE02CB80
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6c4bf7e4cea3e71a2c6fca4c18451414b051faa1675f1b423111e3ed12ecfa7c
                                • Instruction ID: fa7b6c2d93281e9d260539ca63e1ba3c7bc1dbdb8b336de949dca6d3fb7f4b37
                                • Opcode Fuzzy Hash: 6c4bf7e4cea3e71a2c6fca4c18451414b051faa1675f1b423111e3ed12ecfa7c
                                • Instruction Fuzzy Hash: BCE0E574D0520CEFCB54DFA9D4406ADBBF5EB48300F5080A99C18A3344E7399E51DF91
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fe99ecfc7b0d32537bac63e3738c07c37d3f3aa526f33d939d37791df4fe774b
                                • Instruction ID: fe076f698eae2bf278b83db6b9b54652e31314aafb37260b0ea85ba3d8543ec7
                                • Opcode Fuzzy Hash: fe99ecfc7b0d32537bac63e3738c07c37d3f3aa526f33d939d37791df4fe774b
                                • Instruction Fuzzy Hash: 53E04F78909108ABC714DF98E5409ADBFBDAB49311F10C4999C4457341CA319A51DB91
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4bec9e1fd096a58ff33ec34e8f3f46af8dbf6ecc2893c272e28cd6cb0bc275ee
                                • Instruction ID: 4416dba9517bbed0fd0894a21b785b2569c40ecaff1ddac0368a83bc03b0c92e
                                • Opcode Fuzzy Hash: 4bec9e1fd096a58ff33ec34e8f3f46af8dbf6ecc2893c272e28cd6cb0bc275ee
                                • Instruction Fuzzy Hash: 89E01A78D09108AFC704DB99D5405ACBBB6AB48310F1084E99C1953341C635AA01DF80
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4bec9e1fd096a58ff33ec34e8f3f46af8dbf6ecc2893c272e28cd6cb0bc275ee
                                • Instruction ID: 2096066de2937f976bd43d13550397f7afbcdaa4a9a1b365e8f30521dcf4a475
                                • Opcode Fuzzy Hash: 4bec9e1fd096a58ff33ec34e8f3f46af8dbf6ecc2893c272e28cd6cb0bc275ee
                                • Instruction Fuzzy Hash: 85E01A38D09108AFC704DFE9D5405ACBBF9EB48311F1080E99C4863341CB35AA02DF80
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: acec7b6a9d6069766c100a19c674078879ec85da9f2b84636919f1039e728f57
                                • Instruction ID: 390962dc8bc4d09bcafcf3873ab4876dd19f238431204b6ed65bb36a0b9277cd
                                • Opcode Fuzzy Hash: acec7b6a9d6069766c100a19c674078879ec85da9f2b84636919f1039e728f57
                                • Instruction Fuzzy Hash: 12F0D478A051188FD751EF68C9547D8BBB2FB98304F008298D449B7344DB345D89CF20
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ae7112b68178c536002a68ec4de4f55502ec62a3ff5a5b0da7b08754f6362bf9
                                • Instruction ID: 87e12ad4ac6970f1a8b039f99bab87be7a0701dfcb6a05818560bc7c83951070
                                • Opcode Fuzzy Hash: ae7112b68178c536002a68ec4de4f55502ec62a3ff5a5b0da7b08754f6362bf9
                                • Instruction Fuzzy Hash: 14E0AE74945548DFE704DF8AE0A4AACBBF2FB84364F50806AE802E7294DB346C85CB21
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a1bf24303b573753a40ee12db3472855510b482c7bf91978c9502024e1aafd1a
                                • Instruction ID: 658e0f2c303cd0338ed7176db56bc6a78d0821670241fc6ed877006fbb357907
                                • Opcode Fuzzy Hash: a1bf24303b573753a40ee12db3472855510b482c7bf91978c9502024e1aafd1a
                                • Instruction Fuzzy Hash: B5E0C238909108DBC704EFA8E5409BCFBB9EB45310F5084D8CC0923341CB32AE03CB80
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8cf83c1bd7d3148b691f03b94c30c68f71836e5793fdf35e99ec8d8088d4912e
                                • Instruction ID: 53aab567c5d2baeb55122aea9c0c759af37408d1002c802a27d1102ba93d910b
                                • Opcode Fuzzy Hash: 8cf83c1bd7d3148b691f03b94c30c68f71836e5793fdf35e99ec8d8088d4912e
                                • Instruction Fuzzy Hash: 72E0C2704411189FCB00EBB98504AAE7BBDAF55200F4044F5C404A3110EE755A10D7A6
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 68070986a1b9aa42ed2c2902631a79ccca0e88552379a917bfb785d9e8a29dfa
                                • Instruction ID: 68d857c9ac278288e1276405a23175fcba07406bdc42f08ce60e9c6662a82234
                                • Opcode Fuzzy Hash: 68070986a1b9aa42ed2c2902631a79ccca0e88552379a917bfb785d9e8a29dfa
                                • Instruction Fuzzy Hash: B5E0EC74956208DFC740DFA8D9496ACBFB9AB04211F5045A99909A3340EB705A94DF41
                                Memory Dump Source
                                • Source File: 00000003.00000002.2197934282.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_58d0000_Koerxmxvkh.jbxd
                                Memory Dump Source
                                • Source File: 00000003.00000002.2198576678.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_5c30000_Koerxmxvkh.jbxd