Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
jbuESggTv0.exe

Overview

General Information

Sample name:jbuESggTv0.exe
renamed because original name is a hash value
Original sample name:13cb2135790780947be355c3c9ed42be1987c9e64d6cd0c43a5a4c5ae289dc30.exe
Analysis ID:1562382
MD5:2ed7362e959d42385d4e6d231a6840dd
SHA1:b3cc47ac92296d978fc991d9658c771f225dbf18
SHA256:13cb2135790780947be355c3c9ed42be1987c9e64d6cd0c43a5a4c5ae289dc30
Tags:cia-tfexeuser-JAMESWT_MHT
Infos:

Detection

Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains potential unpacker
AI detected suspicious sample
Drops VBS files to the startup folder
Drops large PE files
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • jbuESggTv0.exe (PID: 7252 cmdline: "C:\Users\user\Desktop\jbuESggTv0.exe" MD5: 2ED7362E959D42385D4E6D231A6840DD)
    • InstallUtil.exe (PID: 7636 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 7680 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • svcost.exe (PID: 7740 cmdline: "C:\Users\user\AppData\Roaming\svcost.exe" MD5: 1D3F574D5468B5AD753EF474761B993D)
      • InstallUtil.exe (PID: 7864 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "sendpcamill@juguly.shop", "Password": "rEBS93U9rKLG", "Host": "juguly.shop", "Port": "587", "Version": "5.1"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1605150480.0000000006320000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
        00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0x14885:$a1: get_encryptedPassword
        • 0x14b71:$a2: get_encryptedUsername
        • 0x14691:$a3: get_timePasswordChanged
        • 0x1478c:$a4: get_passwordField
        • 0x1489b:$a5: set_encryptedPassword
        • 0x15f18:$a7: get_logins
        • 0x15e7b:$a10: KeyLoggerEventArgs
        • 0x15ae6:$a11: KeyLoggerEventArgsEventHandler
        00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmpMALWARE_Win_SnakeKeyloggerDetects Snake KeyloggerditekSHen
        • 0x18248:$x1: $%SMTPDV$
        • 0x182ae:$x2: $#TheHashHere%&
        • 0x198bf:$x3: %FTPDV$
        • 0x199b3:$x4: $%TelegramDv$
        • 0x15ae6:$x5: KeyLoggerEventArgs
        • 0x15e7b:$x5: KeyLoggerEventArgs
        • 0x198e3:$m2: Clipboard Logs ID
        • 0x19b03:$m2: Screenshot Logs ID
        • 0x19c13:$m2: keystroke Logs ID
        • 0x19eed:$m3: SnakePW
        • 0x19adb:$m4: \SnakeKeylogger\
        Click to see the 36 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.jbuESggTv0.exe.6320000.8.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          0.2.jbuESggTv0.exe.4235570.2.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            0.2.jbuESggTv0.exe.4235570.2.unpackJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
              0.2.jbuESggTv0.exe.4235570.2.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
              • 0x12c85:$a1: get_encryptedPassword
              • 0x12f71:$a2: get_encryptedUsername
              • 0x12a91:$a3: get_timePasswordChanged
              • 0x12b8c:$a4: get_passwordField
              • 0x12c9b:$a5: set_encryptedPassword
              • 0x14318:$a7: get_logins
              • 0x1427b:$a10: KeyLoggerEventArgs
              • 0x13ee6:$a11: KeyLoggerEventArgsEventHandler
              0.2.jbuESggTv0.exe.4235570.2.unpackMAL_Envrial_Jan18_1Detects Encrial credential stealer malwareFlorian Roth
              • 0x1a6af:$a2: \Comodo\Dragon\User Data\Default\Login Data
              • 0x198e1:$a3: \Google\Chrome\User Data\Default\Login Data
              • 0x19d14:$a4: \Orbitum\User Data\Default\Login Data
              • 0x1ad53:$a5: \Kometa\User Data\Default\Login Data
              Click to see the 15 entries

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: WScript or CScript Dropper
              Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , ProcessId: 7680, ProcessName: wscript.exe
              Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
              Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , ProcessId: 7680, ProcessName: wscript.exe

              Data Obfuscation

              barindex
              Sigma detected: Drops script at startup location
              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\jbuESggTv0.exe, ProcessId: 7252, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-11-25T15:00:45.976455+010028033053Unknown Traffic192.168.2.749772172.67.177.134443TCP
              2024-11-25T15:00:55.551038+010028033053Unknown Traffic192.168.2.749799172.67.177.134443TCP
              2024-11-25T15:00:58.571496+010028033053Unknown Traffic192.168.2.749812172.67.177.134443TCP
              2024-11-25T15:00:59.872135+010028033053Unknown Traffic192.168.2.749813172.67.177.134443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-11-25T15:00:41.582843+010028032742Potentially Bad Traffic192.168.2.749760158.101.44.24280TCP
              2024-11-25T15:00:44.301616+010028032742Potentially Bad Traffic192.168.2.749760158.101.44.24280TCP
              2024-11-25T15:00:47.395427+010028032742Potentially Bad Traffic192.168.2.749778158.101.44.24280TCP
              2024-11-25T15:00:54.723537+010028032742Potentially Bad Traffic192.168.2.749793158.101.44.24280TCP
              2024-11-25T15:00:56.895465+010028032742Potentially Bad Traffic192.168.2.749793158.101.44.24280TCP
              2024-11-25T15:01:01.098589+010028032742Potentially Bad Traffic192.168.2.749815158.101.44.24280TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus detection for dropped file
              Source: C:\Users\user\AppData\Roaming\svcost.exeAvira: detection malicious, Label: HEUR/AGEN.1310409
              Found malware configuration
              Source: 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "sendpcamill@juguly.shop", "Password": "rEBS93U9rKLG", "Host": "juguly.shop", "Port": "587", "Version": "5.1"}
              Multi AV Scanner detection for submitted file
              Source: jbuESggTv0.exeReversingLabs: Detection: 68%
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Machine Learning detection for dropped file
              Source: C:\Users\user\AppData\Roaming\svcost.exeJoe Sandbox ML: detected
              Machine Learning detection for sample
              Source: jbuESggTv0.exeJoe Sandbox ML: detected

              Location Tracking

              barindex
              Tries to detect the country of the analysis system (by using the IP)
              Source: unknownDNS query: name: reallyfreegeoip.org
              Source: jbuESggTv0.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.7:49766 version: TLS 1.0
              Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.7:49805 version: TLS 1.0
              Source: jbuESggTv0.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: jbuESggTv0.exe, 00000000.00000002.1593158495.000000000436B000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1594608307.0000000005BE0000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: jbuESggTv0.exe, 00000000.00000002.1593158495.000000000436B000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1594608307.0000000005BE0000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: \.PDb source: svcost.exe.0.dr
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 4x nop then jmp 02FD1C50h0_2_02FD1B98
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 4x nop then jmp 02FD1C50h0_2_02FD1B91
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 4x nop then jmp 05BC0A1Ch0_2_05BC0D2E
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 4x nop then jmp 05BC0A1Ch0_2_05BC0980
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 4x nop then jmp 05BC0A1Ch0_2_05BC0931
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 4x nop then jmp 05BC0A1Ch0_2_05BC0971
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0289F206h3_2_0289F017
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0289FB90h3_2_0289F017
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h3_2_0289E538
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h3_2_0289EB6B
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h3_2_0289ED4C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05641011h3_2_05640D60
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564F009h3_2_0564ED60
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564C041h3_2_0564BD98
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564DEA9h3_2_0564DC00
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564B791h3_2_0564B4E8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05640751h3_2_056404A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564E759h3_2_0564E4B0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564DA51h3_2_0564D7A8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564C8F1h3_2_0564C648
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05641A38h3_2_05641620
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564F8B9h3_2_0564F610
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05641A38h3_2_05641610
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564D1A1h3_2_0564CEF8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05641A38h3_2_05641966
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564BBE9h3_2_0564B940
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05640BB1h3_2_05640900
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564EBB1h3_2_0564E908
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564C499h3_2_0564C1F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05641471h3_2_056411C0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564F461h3_2_0564F1B8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 056402F1h3_2_05640040
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564E301h3_2_0564E058
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564D5F9h3_2_0564D350
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564FD11h3_2_0564FA68
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0564CD49h3_2_0564CAA0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A8945h3_2_065A8608
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A5D19h3_2_065A5A70
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A58C1h3_2_065A5618
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A6171h3_2_065A5EC8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]3_2_065A36CE
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A6A21h3_2_065A6778
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A65C9h3_2_065A6320
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A6E79h3_2_065A6BD0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]3_2_065A33B8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]3_2_065A33A8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A72FAh3_2_065A7050
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A02E9h3_2_065A0040
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A0B99h3_2_065A08F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A0741h3_2_065A0498
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A7751h3_2_065A74A8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A8001h3_2_065A7D58
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A0FF1h3_2_065A0D48
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A7BA9h3_2_065A7900
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A5441h3_2_065A5198
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 065A8459h3_2_065A81B0
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 4x nop then jmp 05C7F5B8h5_2_05C7F500
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 4x nop then jmp 05C70A1Ch5_2_05C70D2E
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 4x nop then jmp 05C7F5B8h5_2_05C7F4F9
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 4x nop then jmp 05C70A1Ch5_2_05C70980
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 4x nop then jmp 05C70A1Ch5_2_05C70971
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 4x nop then jmp 05C70A1Ch5_2_05C70931
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 4x nop then jmp 05C70A1Ch5_2_05C70BD6
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 00CAF1F6h6_2_00CAF007
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 00CAFB80h6_2_00CAF491
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h6_2_00CAE528
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05288945h6_2_05288608
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05287BA9h6_2_05287900
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05280FF1h6_2_05280D48
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05288001h6_2_05287D58
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05288459h6_2_052881B0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05285441h6_2_05285198
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 052802E9h6_2_05280040
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 052872FAh6_2_05287050
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05287751h6_2_052874A8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05280741h6_2_05280498
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05280B99h6_2_052808F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 052865C9h6_2_05286320
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05286A21h6_2_05286778
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]6_2_052833A8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]6_2_052833B8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05286E79h6_2_05286BD0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 052858C1h6_2_05285618
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05285D19h6_2_05285A70
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 05286171h6_2_05285EC8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]6_2_052836CE

              Networking

              barindex
              Yara detected Generic Downloader
              Source: Yara matchFile source: 0.2.jbuESggTv0.exe.4235570.2.raw.unpack, type: UNPACKEDPE
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: Joe Sandbox ViewIP Address: 158.101.44.242 158.101.44.242
              Source: Joe Sandbox ViewIP Address: 172.67.177.134 172.67.177.134
              Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
              Source: unknownDNS query: name: checkip.dyndns.org
              Source: unknownDNS query: name: reallyfreegeoip.org
              Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49815 -> 158.101.44.242:80
              Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49793 -> 158.101.44.242:80
              Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49760 -> 158.101.44.242:80
              Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49778 -> 158.101.44.242:80
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49772 -> 172.67.177.134:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49812 -> 172.67.177.134:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49799 -> 172.67.177.134:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49813 -> 172.67.177.134:443
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.7:49766 version: TLS 1.0
              Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.7:49805 version: TLS 1.0
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
              Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
              Source: jbuESggTv0.exe, svcost.exe.0.drString found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
              Source: jbuESggTv0.exe, svcost.exe.0.drString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
              Source: InstallUtil.exe, 00000003.00000002.3819753587.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002B68000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002843000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000293B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000292D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
              Source: InstallUtil.exe, 00000003.00000002.3819753587.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BAB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C32000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002B68000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002843000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000293B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002837000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000292D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000290D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002886000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
              Source: InstallUtil.exe, 00000003.00000002.3819753587.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
              Source: jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
              Source: jbuESggTv0.exe, svcost.exe.0.drString found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
              Source: jbuESggTv0.exe, svcost.exe.0.drString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
              Source: jbuESggTv0.exe, svcost.exe.0.drString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
              Source: jbuESggTv0.exe, svcost.exe.0.drString found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
              Source: jbuESggTv0.exe, svcost.exe.0.drString found in binary or memory: http://ocsps.ssl.com0
              Source: jbuESggTv0.exe, svcost.exe.0.drString found in binary or memory: http://ocsps.ssl.com0?
              Source: jbuESggTv0.exe, svcost.exe.0.drString found in binary or memory: http://ocsps.ssl.com0_
              Source: InstallUtil.exe, 00000003.00000002.3819753587.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000293B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000292D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000285B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
              Source: jbuESggTv0.exe, 00000000.00000002.1580157490.0000000003293000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1711136967.0000000003293000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: jbuESggTv0.exe, svcost.exe.0.drString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
              Source: jbuESggTv0.exe, svcost.exe.0.drString found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
              Source: jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
              Source: jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
              Source: jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
              Source: InstallUtil.exe, 00000003.00000002.3819753587.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BAB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002B68000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002843000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000293B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000292D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002886000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
              Source: jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002B68000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
              Source: InstallUtil.exe, 00000006.00000002.3819172841.0000000002886000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.75
              Source: InstallUtil.exe, 00000003.00000002.3819753587.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BAB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000293B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000292D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002886000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.75$
              Source: jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
              Source: jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1580157490.0000000003293000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1711136967.0000000003293000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
              Source: jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
              Source: jbuESggTv0.exe, svcost.exe.0.drString found in binary or memory: https://www.ssl.com/repository0
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
              Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
              Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
              Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
              Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
              Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
              Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
              Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
              Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 0.2.jbuESggTv0.exe.4235570.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.jbuESggTv0.exe.4235570.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 0.2.jbuESggTv0.exe.4235570.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 0.2.jbuESggTv0.exe.4235570.2.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0.2.jbuESggTv0.exe.4235570.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.jbuESggTv0.exe.4235570.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 0.2.jbuESggTv0.exe.4235570.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 0.2.jbuESggTv0.exe.4235570.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: Process Memory Space: jbuESggTv0.exe PID: 7252, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: Process Memory Space: jbuESggTv0.exe PID: 7252, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: Process Memory Space: InstallUtil.exe PID: 7636, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: Process Memory Space: InstallUtil.exe PID: 7636, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
              Source: Process Memory Space: svcost.exe PID: 7740, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: Process Memory Space: svcost.exe PID: 7740, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
              Drops large PE files
              Source: C:\Users\user\Desktop\jbuESggTv0.exeFile dump: svcost.exe.0.dr 285155438Jump to dropped file
              Windows Scripting host queries suspicious COM object (likely to drop second stage)
              Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_02FD5F68 NtResumeThread,0_2_02FD5F68
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_02FD3498 NtProtectVirtualMemory,0_2_02FD3498
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_02FD5F61 NtResumeThread,0_2_02FD5F61
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_02FD3490 NtProtectVirtualMemory,0_2_02FD3490
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_01798A180_2_01798A18
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_0179CAE00_2_0179CAE0
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_01798A0B0_2_01798A0B
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_02FD00400_2_02FD0040
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_02FD6A300_2_02FD6A30
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_02FD6A210_2_02FD6A21
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_02FD70780_2_02FD7078
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_02FD70690_2_02FD7069
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_02FD003F0_2_02FD003F
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_05BC0D2E0_2_05BC0D2E
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_05BC09800_2_05BC0980
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_05BC09310_2_05BC0931
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_05BC09710_2_05BC0971
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_06C2DEF80_2_06C2DEF8
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_06C2E3500_2_06C2E350
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_06C100400_2_06C10040
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_06C100070_2_06C10007
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0289B3383_2_0289B338
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0289F0173_2_0289F017
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_028961203_2_02896120
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_028946D93_2_028946D9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0289B7E23_2_0289B7E2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_028967483_2_02896748
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0289C7623_2_0289C762
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0289C4573_2_0289C457
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0289BAC03_2_0289BAC0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0289CA423_2_0289CA42
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_028998683_2_02899868
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0289BDA03_2_0289BDA0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0289C4803_2_0289C480
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0289B5023_2_0289B502
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0289E5273_2_0289E527
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0289E5383_2_0289E538
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_028935723_2_02893572
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_05647D903_2_05647D90
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_056484603_2_05648460
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_056438703_2_05643870
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_05640D603_2_05640D60
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564ED603_2_0564ED60
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564ED503_2_0564ED50
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_05640D513_2_05640D51
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564BD883_2_0564BD88
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564BD983_2_0564BD98
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564DC003_2_0564DC00
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564B4E83_2_0564B4E8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564B4D73_2_0564B4D7
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_056404A03_2_056404A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564E4A03_2_0564E4A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564E4B03_2_0564E4B0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_056404903_2_05640490
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564D7A83_2_0564D7A8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564D7983_2_0564D798
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564C6483_2_0564C648
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564C6383_2_0564C638
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564F6003_2_0564F600
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564F6103_2_0564F610
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564CEEA3_2_0564CEEA
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564CEF83_2_0564CEF8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564B9403_2_0564B940
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564B9303_2_0564B930
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_056409003_2_05640900
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564E9083_2_0564E908
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564C1E03_2_0564C1E0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564C1F03_2_0564C1F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_056411C03_2_056411C0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564F1A93_2_0564F1A9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_056411B03_2_056411B0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564F1B83_2_0564F1B8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_056438603_2_05643860
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_056400403_2_05640040
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564E0493_2_0564E049
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564E0583_2_0564E058
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564001A3_2_0564001A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_056408F03_2_056408F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564E8F83_2_0564E8F8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564D3403_2_0564D340
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564D3503_2_0564D350
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_056473E83_2_056473E8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564DBF13_2_0564DBF1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564FA683_2_0564FA68
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564FA593_2_0564FA59
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564CAA03_2_0564CAA0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_0564CA903_2_0564CA90
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AAA583_2_065AAA58
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AD6703_2_065AD670
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A86083_2_065A8608
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AB6E83_2_065AB6E8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AC3883_2_065AC388
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A8C513_2_065A8C51
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AA4083_2_065AA408
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AD0283_2_065AD028
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AB0A03_2_065AB0A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065ABD383_2_065ABD38
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AC9D83_2_065AC9D8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A11A03_2_065A11A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AAA483_2_065AAA48
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A5A703_2_065A5A70
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AD6623_2_065AD662
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A5A603_2_065A5A60
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A56183_2_065A5618
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A560A3_2_065A560A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A86023_2_065A8602
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AB6D93_2_065AB6D9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A5EC83_2_065A5EC8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A5EB83_2_065A5EB8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A67783_2_065A6778
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AC3783_2_065AC378
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A67763_2_065A6776
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A63123_2_065A6312
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A37303_2_065A3730
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A63203_2_065A6320
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A6BD03_2_065A6BD0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A6BC13_2_065A6BC1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AA3F83_2_065AA3F8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A33B83_2_065A33B8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A33A83_2_065A33A8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A70503_2_065A7050
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A70493_2_065A7049
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A00403_2_065A0040
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A28183_2_065A2818
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AD0183_2_065AD018
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A00063_2_065A0006
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A28073_2_065A2807
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A44303_2_065A4430
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A08F03_2_065A08F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A78F03_2_065A78F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A08E03_2_065A08E0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A04983_2_065A0498
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AB0903_2_065AB090
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A74973_2_065A7497
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A04883_2_065A0488
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A74A83_2_065A74A8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A7D583_2_065A7D58
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A0D483_2_065A0D48
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A7D483_2_065A7D48
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A79003_2_065A7900
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A0D393_2_065A0D39
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065ABD283_2_065ABD28
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065AC9C83_2_065AC9C8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A51983_2_065A5198
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A11913_2_065A1191
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A518A3_2_065A518A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A81B03_2_065A81B0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A81A03_2_065A81A0
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_03098A185_2_03098A18
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_0309CAE05_2_0309CAE0
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_03098A1D5_2_03098A1D
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_05C7D9A85_2_05C7D9A8
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_05C70D2E5_2_05C70D2E
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_05C709805_2_05C70980
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_05C7D9985_2_05C7D998
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_05C709715_2_05C70971
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_05C709315_2_05C70931
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_06D1DEF85_2_06D1DEF8
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_06D1E3505_2_06D1E350
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_06D000405_2_06D00040
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_06D000075_2_06D00007
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CAF0076_2_00CAF007
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CAC1906_2_00CAC190
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CA61086_2_00CA6108
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CAB4F36_2_00CAB4F3
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CAC4706_2_00CAC470
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CAC7536_2_00CAC753
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CA67306_2_00CA6730
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CA98586_2_00CA9858
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CA4AD96_2_00CA4AD9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CACA336_2_00CACA33
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CABBD36_2_00CABBD3
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CABEB06_2_00CABEB0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CAE5176_2_00CAE517
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CAE5286_2_00CAE528
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528BD386_2_0528BD38
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528C9D86_2_0528C9D8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528D0286_2_0528D028
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528A4086_2_0528A408
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528B0A06_2_0528B0A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05288B586_2_05288B58
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528C3886_2_0528C388
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052886086_2_05288608
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528D6706_2_0528D670
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528AA586_2_0528AA58
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528B6E86_2_0528B6E8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528BD286_2_0528BD28
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05280D396_2_05280D39
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052879006_2_05287900
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05280D486_2_05280D48
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05287D486_2_05287D48
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05287D586_2_05287D58
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052811A06_2_052811A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052881A06_2_052881A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052881B06_2_052881B0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528518A6_2_0528518A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052851986_2_05285198
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052811916_2_05281191
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052885FC6_2_052885FC
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528C9C86_2_0528C9C8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052844306_2_05284430
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052800076_2_05280007
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052828076_2_05282807
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052828186_2_05282818
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528D0186_2_0528D018
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052800406_2_05280040
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052870406_2_05287040
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052870506_2_05287050
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052874A86_2_052874A8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052804886_2_05280488
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528B08F6_2_0528B08F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052804986_2_05280498
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052874976_2_05287497
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052808E06_2_052808E0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052808F06_2_052808F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052878F06_2_052878F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052863206_2_05286320
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052837306_2_05283730
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052863126_2_05286312
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528676A6_2_0528676A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052867786_2_05286778
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528C3786_2_0528C378
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052833A86_2_052833A8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052833B86_2_052833B8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528A3F86_2_0528A3F8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05286BC16_2_05286BC1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05286BD06_2_05286BD0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528560A6_2_0528560A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_052856186_2_05285618
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05285A606_2_05285A60
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528D6636_2_0528D663
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05285A706_2_05285A70
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528AA486_2_0528AA48
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05285EB86_2_05285EB8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05285EC86_2_05285EC8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0528B6D96_2_0528B6D9
              Source: jbuESggTv0.exeStatic PE information: invalid certificate
              Source: jbuESggTv0.exe, 00000000.00000002.1593158495.000000000436B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs jbuESggTv0.exe
              Source: jbuESggTv0.exe, 00000000.00000002.1593158495.000000000436B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEeuhgbvwp.dll" vs jbuESggTv0.exe
              Source: jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs jbuESggTv0.exe
              Source: jbuESggTv0.exe, 00000000.00000002.1574182774.00000000011FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs jbuESggTv0.exe
              Source: jbuESggTv0.exe, 00000000.00000000.1345094713.0000000000CC2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRef#105.exe8 vs jbuESggTv0.exe
              Source: jbuESggTv0.exe, 00000000.00000002.1594888554.0000000005F30000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameEeuhgbvwp.dll" vs jbuESggTv0.exe
              Source: jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs jbuESggTv0.exe
              Source: jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs jbuESggTv0.exe
              Source: jbuESggTv0.exe, 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs jbuESggTv0.exe
              Source: jbuESggTv0.exe, 00000000.00000002.1594608307.0000000005BE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs jbuESggTv0.exe
              Source: jbuESggTv0.exe, 00000000.00000002.1580157490.0000000003231000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs jbuESggTv0.exe
              Source: jbuESggTv0.exe, 00000000.00000002.1580157490.0000000003293000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs jbuESggTv0.exe
              Source: jbuESggTv0.exe, 00000000.00000002.1580157490.0000000003814000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs jbuESggTv0.exe
              Source: jbuESggTv0.exeBinary or memory string: OriginalFilenameRef#105.exe8 vs jbuESggTv0.exe
              Source: jbuESggTv0.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: 0.2.jbuESggTv0.exe.4235570.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0.2.jbuESggTv0.exe.4235570.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.2.jbuESggTv0.exe.4235570.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 0.2.jbuESggTv0.exe.4235570.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 0.2.jbuESggTv0.exe.4235570.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0.2.jbuESggTv0.exe.4235570.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.2.jbuESggTv0.exe.4235570.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 0.2.jbuESggTv0.exe.4235570.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: jbuESggTv0.exe PID: 7252, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: jbuESggTv0.exe PID: 7252, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: InstallUtil.exe PID: 7636, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: InstallUtil.exe PID: 7636, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: svcost.exe PID: 7740, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: svcost.exe PID: 7740, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: jbuESggTv0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: svcost.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
              Source: 0.2.jbuESggTv0.exe.431b810.1.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
              Source: 0.2.jbuESggTv0.exe.431b810.1.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
              Source: 0.2.jbuESggTv0.exe.431b810.1.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 0.2.jbuESggTv0.exe.431b810.1.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 0.2.jbuESggTv0.exe.431b810.1.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 0.2.jbuESggTv0.exe.431b810.1.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 0.2.jbuESggTv0.exe.431b810.1.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 0.2.jbuESggTv0.exe.5be0000.5.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 0.2.jbuESggTv0.exe.5be0000.5.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.jbuESggTv0.exe.5be0000.5.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 0.2.jbuESggTv0.exe.5be0000.5.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 0.2.jbuESggTv0.exe.5be0000.5.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 0.2.jbuESggTv0.exe.5be0000.5.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 0.2.jbuESggTv0.exe.431b810.1.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@8/2@2/2
              Source: C:\Users\user\Desktop\jbuESggTv0.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbsJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
              Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs"
              Source: jbuESggTv0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: jbuESggTv0.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
              Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: InstallUtil.exe, 00000003.00000002.3819753587.0000000002CE7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002D2A000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3823820604.0000000003B3A000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002CD8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000029BD000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002A00000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000029CC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000029AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: jbuESggTv0.exeReversingLabs: Detection: 68%
              Source: C:\Users\user\Desktop\jbuESggTv0.exeFile read: C:\Users\user\Desktop\jbuESggTv0.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\jbuESggTv0.exe "C:\Users\user\Desktop\jbuESggTv0.exe"
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\svcost.exe "C:\Users\user\AppData\Roaming\svcost.exe"
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\svcost.exe "C:\Users\user\AppData\Roaming\svcost.exe" Jump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: jbuESggTv0.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: jbuESggTv0.exeStatic file information: File size 1072096 > 1048576
              Source: jbuESggTv0.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: jbuESggTv0.exe, 00000000.00000002.1593158495.000000000436B000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1594608307.0000000005BE0000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: jbuESggTv0.exe, 00000000.00000002.1593158495.000000000436B000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1594608307.0000000005BE0000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: \.PDb source: svcost.exe.0.dr

              Data Obfuscation

              barindex
              .NET source code contains potential unpacker
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 0.2.jbuESggTv0.exe.436b830.3.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: 0.2.jbuESggTv0.exe.431b810.1.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 0.2.jbuESggTv0.exe.431b810.1.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 0.2.jbuESggTv0.exe.431b810.1.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: 0.2.jbuESggTv0.exe.5be0000.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 0.2.jbuESggTv0.exe.5be0000.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 0.2.jbuESggTv0.exe.5be0000.5.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Yara detected Costura Assembly Loader
              Source: Yara matchFile source: 0.2.jbuESggTv0.exe.6320000.8.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1605150480.0000000006320000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.1711136967.0000000003293000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1580157490.0000000003293000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: jbuESggTv0.exe PID: 7252, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: svcost.exe PID: 7740, type: MEMORYSTR
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_05BC807D push eax; ret 0_2_05BC8141
              Source: C:\Users\user\Desktop\jbuESggTv0.exeCode function: 0_2_06C135A6 push edi; retf 0_2_06C135AC
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_028924B9 push 8BFFFFFFh; retf 3_2_028924BF
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_05642E60 push esp; iretd 3_2_05642E79
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_065A3181 push ebx; retf 3_2_065A3182
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_05C78F95 push eax; ret 5_2_05C78FD9
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 5_2_06D035A6 push edi; retf 5_2_06D035AC
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_00CA24B9 push 8BFFFFFFh; retf 6_2_00CA24BF
              Source: jbuESggTv0.exeStatic PE information: section name: .text entropy: 7.764858525500812
              Source: svcost.exe.0.drStatic PE information: section name: .text entropy: 7.764858525500812
              Source: C:\Users\user\Desktop\jbuESggTv0.exeFile created: C:\Users\user\AppData\Roaming\svcost.exeJump to dropped file

              Boot Survival

              barindex
              Drops VBS files to the startup folder
              Source: C:\Users\user\Desktop\jbuESggTv0.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbsJump to dropped file
              Source: C:\Users\user\Desktop\jbuESggTv0.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbsJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbsJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              barindex
              Yara detected AntiVM3
              Source: Yara matchFile source: Process Memory Space: jbuESggTv0.exe PID: 7252, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: svcost.exe PID: 7740, type: MEMORYSTR
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
              Source: jbuESggTv0.exe, 00000000.00000002.1580157490.0000000003293000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1711136967.0000000003293000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
              Source: C:\Users\user\Desktop\jbuESggTv0.exeMemory allocated: 1750000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeMemory allocated: 3230000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeMemory allocated: 2F70000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeMemory allocated: 6C60000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeMemory allocated: 17C60000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2850000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2AB0000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 28D0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeMemory allocated: 2FF0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeMemory allocated: 3230000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeMemory allocated: 2FF0000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: CA0000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2780000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 26A0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599890Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599776Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599546Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599430Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599312Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599203Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599093Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598984Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598874Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598765Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598656Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598546Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598437Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598328Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598209Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598078Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597966Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597841Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597733Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597612Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597495Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597375Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597265Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597156Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597043Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596937Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596828Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596718Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596609Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596499Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596389Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596281Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596171Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596062Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595953Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595843Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595734Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595624Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595515Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595406Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595296Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595187Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595078Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594968Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594859Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594750Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594640Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594531Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594421Jump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599891Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599547Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599438Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599297Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599172Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599063Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598938Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598813Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598703Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598594Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598469Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598359Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598250Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598141Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598031Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597922Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597812Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597703Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597594Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597469Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597359Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597250Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597141Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597032Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596907Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596782Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596672Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596563Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596438Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596313Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596188Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596063Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595953Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595844Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595719Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595609Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595500Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595375Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595266Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595123Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594985Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594860Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594735Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594610Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594485Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594360Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594235Jump to behavior
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 2021Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 7830Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 7057Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 2784Jump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exe TID: 7320Thread sleep time: -1844674407370954s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exe TID: 7332Thread sleep count: 215 > 30Jump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exe TID: 7348Thread sleep count: 85 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -27670116110564310s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -600000s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -599890s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7824Thread sleep count: 2021 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7824Thread sleep count: 7830 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -599776s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -599656s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -599546s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -599430s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -599312s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -599203s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -599093s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -598984s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -598874s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -598765s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -598656s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -598546s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -598437s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -598328s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -598209s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -598078s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -597966s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -597841s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -597733s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -597612s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -597495s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -597375s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -597265s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -597156s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -597043s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -596937s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -596828s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -596718s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -596609s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -596499s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -596389s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -596281s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -596171s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -596062s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -595953s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -595843s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -595734s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -595624s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -595515s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -595406s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -595296s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -595187s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -595078s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -594968s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -594859s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -594750s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -594640s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -594531s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -594421s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exe TID: 7776Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exe TID: 7780Thread sleep count: 193 > 30Jump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exe TID: 7796Thread sleep count: 101 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep count: 36 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -33204139332677172s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -600000s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -599891s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7928Thread sleep count: 7057 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7928Thread sleep count: 2784 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -599766s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -599656s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -599547s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -599438s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -599297s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -599172s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -599063s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -598938s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -598813s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -598703s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -598594s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -598469s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -598359s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -598250s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -598141s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -598031s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -597922s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -597812s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -597703s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -597594s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -597469s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -597359s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -597250s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -597141s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -597032s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -596907s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -596782s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -596672s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -596563s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -596438s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -596313s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -596188s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -596063s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -595953s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -595844s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -595719s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -595609s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -595500s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -595375s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -595266s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -595123s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -594985s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -594860s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -594735s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -594610s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -594485s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -594360s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7924Thread sleep time: -594235s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599890Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599776Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599546Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599430Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599312Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599203Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599093Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598984Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598874Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598765Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598656Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598546Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598437Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598328Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598209Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598078Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597966Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597841Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597733Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597612Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597495Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597375Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597265Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597156Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597043Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596937Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596828Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596718Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596609Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596499Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596389Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596281Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596171Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596062Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595953Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595843Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595734Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595624Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595515Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595406Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595296Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595187Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595078Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594968Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594859Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594750Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594640Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594531Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594421Jump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599891Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599547Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599438Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599297Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599172Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599063Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598938Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598813Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598703Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598594Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598469Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598359Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598250Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598141Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598031Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597922Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597812Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597703Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597594Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597469Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597359Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597250Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597141Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597032Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596907Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596782Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596672Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596563Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596438Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596313Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596188Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596063Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595953Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595844Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595719Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595609Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595500Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595375Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595266Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595123Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594985Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594860Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594735Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594610Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594485Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594360Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594235Jump to behavior
              Source: wscript.exe, 00000004.00000002.1594613273.0000014D79C44000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
              Source: svcost.exe, 00000005.00000002.1711136967.0000000003293000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
              Source: svcost.exe, 00000005.00000002.1711136967.0000000003293000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
              Source: InstallUtil.exe, 00000006.00000002.3817176112.0000000000A17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj
              Source: InstallUtil.exe, 00000003.00000002.3817322474.0000000000CFD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_05647D90 LdrInitializeThunk,3_2_05647D90
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Injects a PE file into a foreign processes
              Source: C:\Users\user\Desktop\jbuESggTv0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
              Writes to foreign memory regions
              Source: C:\Users\user\Desktop\jbuESggTv0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 422000Jump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 424000Jump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 9F6008Jump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\svcost.exe "C:\Users\user\AppData\Roaming\svcost.exe" Jump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeQueries volume information: C:\Users\user\Desktop\jbuESggTv0.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeQueries volume information: C:\Users\user\AppData\Roaming\svcost.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\jbuESggTv0.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information

              barindex
              Yara detected Snake Keylogger
              Source: Yara matchFile source: 0.2.jbuESggTv0.exe.4235570.2.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.jbuESggTv0.exe.4235570.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.3819753587.0000000002C6E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3819172841.0000000002949000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.3819753587.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3819172841.0000000002781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: jbuESggTv0.exe PID: 7252, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7636, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: svcost.exe PID: 7740, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7864, type: MEMORYSTR
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Tries to steal Mail credentials (via file / registry access)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: Yara matchFile source: 0.2.jbuESggTv0.exe.4235570.2.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.jbuESggTv0.exe.4235570.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: jbuESggTv0.exe PID: 7252, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7636, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: svcost.exe PID: 7740, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7864, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected Snake Keylogger
              Source: Yara matchFile source: 0.2.jbuESggTv0.exe.4235570.2.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.jbuESggTv0.exe.4235570.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.3819753587.0000000002C6E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3819172841.0000000002949000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.3819753587.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.3819172841.0000000002781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: jbuESggTv0.exe PID: 7252, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7636, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: svcost.exe PID: 7740, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7864, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity Information111
              Scripting              		Valid Accounts1
              Scheduled Task/Job              		111
              Scripting              		211
              Process Injection              		1
              Masquerading              		1
              OS Credential Dumping              		11
              Security Software Discovery              		Remote Services1
              Email Collection              		11
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/Job1
              Scheduled Task/Job              		1
              Scheduled Task/Job              		1
              Disable or Modify Tools              		LSASS Memory1
              Process Discovery              		Remote Desktop Protocol1
              Archive Collected Data              		1
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAt2
              Registry Run Keys / Startup Folder              		2
              Registry Run Keys / Startup Folder              		31
              Virtualization/Sandbox Evasion              		Security Account Manager31
              Virtualization/Sandbox Evasion              		SMB/Windows Admin Shares1
              Data from Local System              		2
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCron1
              DLL Side-Loading              		1
              DLL Side-Loading              		211
              Process Injection              		NTDS1
              Application Window Discovery              		Distributed Component Object ModelInput Capture13
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
              Obfuscated Files or Information              		LSA Secrets1
              System Network Configuration Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
              Software Packing              		Cached Domain Credentials1
              File and Directory Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading              		DCSync13
              System Information Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1562382 Sample: jbuESggTv0.exe Startdate: 25/11/2024 Architecture: WINDOWS Score: 100 27 reallyfreegeoip.org 2->27 29 checkip.dyndns.org 2->29 31 checkip.dyndns.com 2->31 37 Found malware configuration 2->37 39 Malicious sample detected (through community Yara rule) 2->39 41 Multi AV Scanner detection for submitted file 2->41 45 9 other signatures 2->45 8 jbuESggTv0.exe 4 2->8         started        12 wscript.exe 1 2->12         started        signatures3 43 Tries to detect the country of the analysis system (by using the IP) 27->43 process4 file5 23 C:\Users\user\AppData\Roaming\svcost.exe, PE32 8->23 dropped 25 C:\Users\user\AppData\Roaming\...\svcost.vbs, ASCII 8->25 dropped 51 Drops VBS files to the startup folder 8->51 53 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 8->53 55 Writes to foreign memory regions 8->55 59 2 other signatures 8->59 14 InstallUtil.exe 15 2 8->14         started        57 Windows Scripting host queries suspicious COM object (likely to drop second stage) 12->57 18 svcost.exe 2 12->18         started        signatures6 process7 dnsIp8 33 checkip.dyndns.com 158.101.44.242, 49760, 49778, 49785 ORACLE-BMC-31898US United States 14->33 35 reallyfreegeoip.org 172.67.177.134, 443, 49766, 49772 CLOUDFLARENETUS United States 14->35 61 Tries to steal Mail credentials (via file / registry access) 14->61 63 Antivirus detection for dropped file 18->63 65 Machine Learning detection for dropped file 18->65 20 InstallUtil.exe 2 18->20         started        signatures9 process10 signatures11 47 Tries to steal Mail credentials (via file / registry access) 20->47 49 Tries to harvest and steal browser information (history, passwords, etc) 20->49

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              jbuESggTv0.exe68%ReversingLabsByteCode-MSIL.Trojan.RedLineStealer
              jbuESggTv0.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Roaming\svcost.exe100%AviraHEUR/AGEN.1310409
              C:\Users\user\AppData\Roaming\svcost.exe100%Joe Sandbox ML

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              No Antivirus matches

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              reallyfreegeoip.org
              		172.67.177.134
              		truefalse
                		high
                checkip.dyndns.com
                		158.101.44.242
                		truefalse
                  		high
                  checkip.dyndns.org
                  		unknown
                  		unknownfalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://reallyfreegeoip.org/xml/8.46.123.75false
                      		high
                      http://checkip.dyndns.org/false
                        		high

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://stackoverflow.com/q/14436606/23354jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1580157490.0000000003293000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1711136967.0000000003293000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://github.com/mgravell/protobuf-netJjbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://ocsps.ssl.com0?jbuESggTv0.exe, svcost.exe.0.drfalse
                              		high
                              http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0jbuESggTv0.exe, svcost.exe.0.drfalse
                                		high
                                https://github.com/mgravell/protobuf-netjbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0QjbuESggTv0.exe, svcost.exe.0.drfalse
                                    		high
                                    http://ocsps.ssl.com0jbuESggTv0.exe, svcost.exe.0.drfalse
                                      		high
                                      http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0jbuESggTv0.exe, svcost.exe.0.drfalse
                                        		high
                                        http://checkip.dyndns.orgInstallUtil.exe, 00000003.00000002.3819753587.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BAB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C32000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002B68000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002843000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000293B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002837000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000292D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000290D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002886000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0jbuESggTv0.exe, svcost.exe.0.drfalse
                                            		high
                                            http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0jbuESggTv0.exe, svcost.exe.0.drfalse
                                              		high
                                              http://crls.ssl.com/ssl.com-rsa-RootCA.crl0jbuESggTv0.exe, svcost.exe.0.drfalse
                                                		high
                                                https://github.com/mgravell/protobuf-netijbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0jbuESggTv0.exe, svcost.exe.0.drfalse
                                                    		high
                                                    https://reallyfreegeoip.org/xml/8.46.123.75$InstallUtil.exe, 00000003.00000002.3819753587.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BAB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000293B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000292D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002886000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://stackoverflow.com/q/11564914/23354;jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://stackoverflow.com/q/2152978/23354jbuESggTv0.exe, 00000000.00000002.1602327042.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.0000000004231000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://checkip.dyndns.org/qjbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.ssl.com/repository0jbuESggTv0.exe, svcost.exe.0.drfalse
                                                              		high
                                                              http://ocsps.ssl.com0_jbuESggTv0.exe, svcost.exe.0.drfalse
                                                                		high
                                                                http://reallyfreegeoip.orgInstallUtil.exe, 00000003.00000002.3819753587.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000293B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000292D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000285B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://reallyfreegeoip.orgInstallUtil.exe, 00000003.00000002.3819753587.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BAB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002B68000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002843000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000293B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000292D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002886000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://checkip.dyndns.comInstallUtil.exe, 00000003.00000002.3819753587.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002B68000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002843000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000293B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.000000000292D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.00000000028E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namejbuESggTv0.exe, 00000000.00000002.1580157490.0000000003293000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1711136967.0000000003293000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002781000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0jbuESggTv0.exe, svcost.exe.0.drfalse
                                                                          		high
                                                                          https://reallyfreegeoip.org/xml/jbuESggTv0.exe, 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, jbuESggTv0.exe, 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3819753587.0000000002B68000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.3819172841.0000000002843000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high

                                                                            World Map of Contacted IPs

                                                                            • No. of IPs < 25%
                                                                            • 25% < No. of IPs < 50%
                                                                            • 50% < No. of IPs < 75%
                                                                            • 75% < No. of IPs

                                                                            Public IPs

                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                            158.101.44.242
                                                                            		checkip.dyndns.comUnited States
                                                                            		31898ORACLE-BMC-31898USfalse
                                                                            172.67.177.134
                                                                            		reallyfreegeoip.orgUnited States
                                                                            		13335CLOUDFLARENETUSfalse

                                                                            General Information

                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                            Analysis ID:1562382
                                                                            Start date and time:2024-11-25 14:59:10 +01:00
                                                                            Joe Sandbox product:CloudBasic
                                                                            Overall analysis duration:0h 10m 31s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Cookbook file name:default.jbs
                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                            Number of analysed new started processes analysed:11
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:0
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Sample name:jbuESggTv0.exe
                                                                            renamed because original name is a hash value
                                                                            Original Sample Name:13cb2135790780947be355c3c9ed42be1987c9e64d6cd0c43a5a4c5ae289dc30.exe
                                                                            Detection:MAL
                                                                            Classification:mal100.troj.spyw.expl.evad.winEXE@8/2@2/2
                                                                            EGA Information:
                                                                            • Successful, ratio: 50%
                                                                            HCA Information:
                                                                            • Successful, ratio: 97%
                                                                            • Number of executed functions: 501
                                                                            • Number of non-executed functions: 15
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe
                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                            Warnings

                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe
                                                                            • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                            • Execution Graph export aborted for target InstallUtil.exe, PID 7864 because it is empty
                                                                            • Execution Graph export aborted for target svcost.exe, PID 7740 because it is empty
                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                            • VT rate limit hit for: jbuESggTv0.exe

                                                                            Simulations

                                                                            Behavior and APIs

                                                                            TimeTypeDescription
                                                                            09:00:44API Interceptor9911288x Sleep call for process: InstallUtil.exe modified
                                                                            15:00:30AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs

                                                                            Joe Sandbox View / Context

                                                                            IPs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            158.101.44.242F7Xu8bRnXT.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                            • checkip.dyndns.org/
                                                                            Pigroots.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                            • checkip.dyndns.org/
                                                                            Updated Invoice_0755404645-2024_pdf.exeGet hashmaliciousUnknownBrowse
                                                                            • checkip.dyndns.org/
                                                                            ORDER 20240986 OA.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                            • checkip.dyndns.org/
                                                                            Quote document and order list.exeGet hashmaliciousGuLoaderBrowse
                                                                            • checkip.dyndns.org/
                                                                            FACTURA A00072-24.- TPC CORPORATE EVENTS SL - PILAR FORGA.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                            • checkip.dyndns.org/
                                                                            Request for Quotation MK FMHS.RFQ.24.11.20.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                            • checkip.dyndns.org/
                                                                            MB267382625AE.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                            • checkip.dyndns.org/
                                                                            Xkl0PnD8zFPjfh1.wiz.rtfGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                            • checkip.dyndns.org/
                                                                            rPO_1079021908.exeGet hashmaliciousMassLogger RATBrowse
                                                                            • checkip.dyndns.org/
                                                                            172.67.177.134tJzfnaqOxj.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                              LAQfpnQvPQ.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                November Quotation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                  F7Xu8bRnXT.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    dekont 25.11.2024 PDF.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                      Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                        IMG-20241119-WA0006(162KB).Pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                          NEW P.O.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                            MC8017774DOCS.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                              Shave.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse

                                                                                                Domains

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                checkip.dyndns.comLAQfpnQvPQ.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 193.122.130.0
                                                                                                November Quotation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                • 193.122.130.0
                                                                                                #U06a9#U067e#U06cc #U067e#U0631#U062f#U0627#U062e#U062a - 19112024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 193.122.6.168
                                                                                                F7Xu8bRnXT.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                • 158.101.44.242
                                                                                                dekont 25.11.2024 PDF.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                • 132.226.8.169
                                                                                                AWB NO - 09804480383.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                • 132.226.247.73
                                                                                                denizbank 25.11.2024 E80 aspc.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                • 193.122.130.0
                                                                                                Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                • 193.122.6.168
                                                                                                VSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 193.122.130.0
                                                                                                order requirements CIF-TRC809910645210.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                • 132.226.8.169
                                                                                                reallyfreegeoip.orgLAQfpnQvPQ.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                November Quotation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                • 172.67.177.134
                                                                                                #U06a9#U067e#U06cc #U067e#U0631#U062f#U0627#U062e#U062a - 19112024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 104.21.67.152
                                                                                                F7Xu8bRnXT.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                • 172.67.177.134
                                                                                                dekont 25.11.2024 PDF.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                AWB NO - 09804480383.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                • 104.21.67.152
                                                                                                denizbank 25.11.2024 E80 aspc.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                • 104.21.67.152
                                                                                                Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                • 172.67.177.134
                                                                                                VSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 104.21.67.152
                                                                                                order requirements CIF-TRC809910645210.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                • 104.21.67.152

                                                                                                ASNs

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                ORACLE-BMC-31898USLAQfpnQvPQ.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 193.122.130.0
                                                                                                la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                • 193.123.91.33
                                                                                                November Quotation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                • 193.122.130.0
                                                                                                #U06a9#U067e#U06cc #U067e#U0631#U062f#U0627#U062e#U062a - 19112024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 193.122.6.168
                                                                                                F7Xu8bRnXT.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                • 158.101.44.242
                                                                                                denizbank 25.11.2024 E80 aspc.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                • 193.122.130.0
                                                                                                Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                • 193.122.6.168
                                                                                                VSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 193.122.130.0
                                                                                                IMG-20241119-WA0006(162KB).Pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 193.122.6.168
                                                                                                Pigroots.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                • 158.101.44.242
                                                                                                CLOUDFLARENETUStJzfnaqOxj.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                file.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                • 104.26.1.231
                                                                                                LAQfpnQvPQ.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                DGTCkacbSz.xlsxGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 172.67.129.178
                                                                                                idk_1.ps1Get hashmaliciousUnknownBrowse
                                                                                                • 172.67.129.178
                                                                                                FreeCs2Skins.ps1Get hashmaliciousUnknownBrowse
                                                                                                • 172.67.129.178
                                                                                                Ref#2056119.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                                                • 104.26.13.205
                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                • 172.64.41.3
                                                                                                file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                • 172.67.155.47
                                                                                                PO#86637.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                                                • 104.26.13.205

                                                                                                JA3 Fingerprints

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                54328bd36c14bd82ddaa0c04b25ed9adtJzfnaqOxj.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                LAQfpnQvPQ.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                November Quotation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                • 172.67.177.134
                                                                                                #U06a9#U067e#U06cc #U067e#U0631#U062f#U0627#U062e#U062a - 19112024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                F7Xu8bRnXT.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                • 172.67.177.134
                                                                                                dekont 25.11.2024 PDF.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                AWB NO - 09804480383.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                denizbank 25.11.2024 E80 aspc.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                • 172.67.177.134
                                                                                                Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                • 172.67.177.134
                                                                                                VSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                • 172.67.177.134

                                                                                                Dropped Files

                                                                                                No context

                                                                                                Created / dropped Files

                                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs

                                                                                                Download File
                                                                                                Process:C:\Users\user\Desktop\jbuESggTv0.exe
                                                                                                File Type:ASCII text, with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):85
                                                                                                Entropy (8bit):4.803467483619845
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:FER/n0eFHHo0nacwREaKC51Hn:FER/lFHIcNwiaZ5t
                                                                                                MD5:4096CCC251FD19E0DE7DD1398C9511CE
                                                                                                SHA1:17E2940971C6E8C039651661B5D2F5B39CBA6DA5
                                                                                                SHA-256:EFB0BAB04E11A66A0593F881B8ACA9C2C46F36CE28CD627702D752761E2811DC
                                                                                                SHA-512:A7D390ECD981A8C6B8D00204815104141370E20742C5422CF97A1C07B27BAFCE98F6C826D879FBA28DA9EB335AC635FA60FECE3F81093815B677309AF3528ABA
                                                                                                Malicious:true
                                                                                                Reputation:low
                                                                                                Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\svcost.exe"""

                                                                                                C:\Users\user\AppData\Roaming\svcost.exe

                                                                                                Download File
                                                                                                Process:C:\Users\user\Desktop\jbuESggTv0.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:modified
                                                                                                Size (bytes):285155438
                                                                                                Entropy (8bit):7.9999921766059225
                                                                                                Encrypted:true
                                                                                                SSDEEP:6291456:PGFf0mwI1igVqZoPkI6FXF4rurA5BNaND8p1:Pmfd7TVqZoPvc1nE5fmIp1
                                                                                                MD5:1D3F574D5468B5AD753EF474761B993D
                                                                                                SHA1:3E0711A8EC94E549B3AFE146B75C074056C128F8
                                                                                                SHA-256:AF152031E08D8AC1E750E15DCBEB7A35DEE5645FFA770BB3AC88B9DA775E80BD
                                                                                                SHA-512:4C24FC4BF4C6CB223F2FBB8399A9DA418DEDB427D1C5C8988AF434C0FCEB9A59E383316A9D01040C513B127A615FB76472D63D9287D9E735436D443345250AD1
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                Reputation:low
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....>g.....................J........... ... ....@.. ....................................`.................................\...O.... ..nF...........>............................................................... ............... ..H............text........ ...................... ..`.rsrc...nF... ...H..................@..@.reloc...............<..............@..B........................H........q.............................................................?.C.:....g|........>~.g?..!.....t}....]...W........>6#S....>.....`T?.(.>_'.>.......&!?.V!......>&..^..f.....O.n?T.>b,.>.......xcm?>.........7.._...h".......{..7?..&.......w..9..8f........f?.Q.>........+.d?Y.............<.'....?......r?a.G..`}>....*..>..N.G......r6a?.?.>.Y.>....z..?AH2?...>....-'....|..Yk.....g....8..7.O?.........:u>..A.....,J.>..I...n.....q.Z...a..l......PY?6..>+l.....H...../.

                                                                                                Static File Info

                                                                                                General

                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Entropy (8bit):7.751716236673022
                                                                                                TrID:
                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                File name:jbuESggTv0.exe
                                                                                                File size:1'072'096 bytes
                                                                                                MD5:2ed7362e959d42385d4e6d231a6840dd
                                                                                                SHA1:b3cc47ac92296d978fc991d9658c771f225dbf18
                                                                                                SHA256:13cb2135790780947be355c3c9ed42be1987c9e64d6cd0c43a5a4c5ae289dc30
                                                                                                SHA512:66553bb74d63e2d8bb47751f87f93dee66c4acbe647115dea5148d6b301f0a6802ae972a3fc26c1bcf9412775f1fbfd6238c1b477f726e0386cdef183551b758
                                                                                                SSDEEP:24576:AY2YACYOYGYAAYAtY0YHYAkYAtYJYAAYoYA2YnYAqYDYAHONafeTZce9rlmxTfgX:UfeTZcYhmCBqKzSdG
                                                                                                TLSH:FF35F1240ADA56B5DA2EC33BDD94B5FAD16721FC3D03EA5B3E89F0587C1A300287456E
                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....>g.....................J........... ... ....@.. ....................................`................................

                                                                                                File Icon

                                                                                                Icon Hash:fcdc888888a498b8

                                                                                                Static PE Info

                                                                                                General

                                                                                                Entrypoint:0x5010ae
                                                                                                Entrypoint Section:.text
                                                                                                Digitally signed:true
                                                                                                Imagebase:0x400000
                                                                                                Subsystem:windows gui
                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                Time Stamp:0x673EFFFE [Thu Nov 21 09:40:14 2024 UTC]
                                                                                                TLS Callbacks:
                                                                                                CLR (.Net) Version:
                                                                                                OS Version Major:4
                                                                                                OS Version Minor:0
                                                                                                File Version Major:4
                                                                                                File Version Minor:0
                                                                                                Subsystem Version Major:4
                                                                                                Subsystem Version Minor:0
                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                Authenticode Signature

                                                                                                Signature Valid:false
                                                                                                Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                                                Signature Validation Error:The digital signature of the object did not verify
                                                                                                Error Number:-2146869232
                                                                                                Not Before, Not After
                                                                                                • 04/07/2024 00:35:32 15/05/2027 11:15:04
                                                                                                Subject Chain
                                                                                                • OID.1.3.6.1.4.1.311.60.2.1.3=VN, OID.2.5.4.15=Private Organization, CN="DUC FABULOUS CO.,LTD", SERIALNUMBER=0105838409, O="DUC FABULOUS CO.,LTD", L=Hanoi, C=VN
                                                                                                Version:3
                                                                                                Thumbprint MD5:FF0E889D2A73C3A679605952D35452DC
                                                                                                Thumbprint SHA-1:2C1D12F8BBE0827400A8440AF74FFFA8DCC8097C
                                                                                                Thumbprint SHA-256:A73352D67693AA16BCE2F182B15891F0F23EA0485CC18938686AAFDEE7B743E3
                                                                                                Serial:6DD2E3173995F51BFAC1D9FB4CB200C1

                                                                                                Entrypoint Preview

                                                                                                Instruction
                                                                                                jmp dword ptr [00402000h]
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al
                                                                                                add byte ptr [eax], al

                                                                                                Data Directories

                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x10105c0x4f.text
                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x1020000x466e.rsrc
                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x103e000x1de0.rsrc
                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x1080000xc.reloc
                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                Sections

                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                .text0x20000xff0b40xff200036f1a259f7bf310c2738ee7e0f91384False0.8129669892209701data7.764858525500812IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                .rsrc0x1020000x466e0x4800dace11af2abbe954cc8548cd55c21cc0False0.1759982638888889data3.831292161119448IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                .reloc0x1080000xc0x200393a531f94333138fd748918b033fadfFalse0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                Resources

                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                RT_ICON0x1021300x4028Device independent bitmap graphic, 64 x 128 x 32, image size 00.15172917681441792
                                                                                                RT_GROUP_ICON0x1061580x14data1.05
                                                                                                RT_VERSION0x10616c0x318data0.4457070707070707
                                                                                                RT_MANIFEST0x1064840x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                Imports

                                                                                                DLLImport
                                                                                                mscoree.dll_CorExeMain

                                                                                                Network Behavior

                                                                                                Suricata IDS Alerts

                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                2024-11-25T15:00:41.582843+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749760158.101.44.24280TCP
                                                                                                2024-11-25T15:00:44.301616+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749760158.101.44.24280TCP
                                                                                                2024-11-25T15:00:45.976455+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749772172.67.177.134443TCP
                                                                                                2024-11-25T15:00:47.395427+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749778158.101.44.24280TCP
                                                                                                2024-11-25T15:00:54.723537+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749793158.101.44.24280TCP
                                                                                                2024-11-25T15:00:55.551038+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749799172.67.177.134443TCP
                                                                                                2024-11-25T15:00:56.895465+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749793158.101.44.24280TCP
                                                                                                2024-11-25T15:00:58.571496+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749812172.67.177.134443TCP
                                                                                                2024-11-25T15:00:59.872135+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749813172.67.177.134443TCP
                                                                                                2024-11-25T15:01:01.098589+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749815158.101.44.24280TCP

                                                                                                Network Port Distribution

                                                                                                TCP Packets

                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Nov 25, 2024 15:00:38.727288008 CET4976080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:38.847950935 CET8049760158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:38.848031044 CET4976080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:38.848310947 CET4976080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:38.968133926 CET8049760158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:41.050646067 CET8049760158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:41.098468065 CET4976080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:41.115252972 CET4976080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:41.235374928 CET8049760158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:41.493541956 CET8049760158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:41.582843065 CET4976080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:41.674930096 CET49766443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:41.674978018 CET44349766172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:41.675168991 CET49766443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:41.721328020 CET49766443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:41.721345901 CET44349766172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:43.054996014 CET44349766172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:43.055078030 CET49766443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:43.058931112 CET49766443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:43.058942080 CET44349766172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:43.059247017 CET44349766172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:43.122195959 CET49766443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:43.163331032 CET44349766172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:43.527230978 CET44349766172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:43.527334929 CET44349766172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:43.527465105 CET49766443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:43.580658913 CET49766443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:43.878870010 CET4976080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:43.999056101 CET8049760158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:44.255458117 CET8049760158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:44.257941961 CET49772443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:44.257992983 CET44349772172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:44.258260965 CET49772443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:44.258624077 CET49772443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:44.258645058 CET44349772172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:44.301615953 CET4976080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:45.518886089 CET44349772172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:45.521872044 CET49772443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:45.521903038 CET44349772172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:45.976492882 CET44349772172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:45.976569891 CET44349772172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:45.976639032 CET49772443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:45.977325916 CET49772443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:45.980573893 CET4976080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:45.981709003 CET4977880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:46.100830078 CET8049760158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:46.100903988 CET4976080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:46.101706028 CET8049778158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:46.102056980 CET4977880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:46.102056980 CET4977880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:46.222096920 CET8049778158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:47.352147102 CET8049778158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:47.353768110 CET49780443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:47.353827000 CET44349780172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:47.353904009 CET49780443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:47.354196072 CET49780443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:47.354217052 CET44349780172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:47.395426989 CET4977880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:48.610323906 CET44349780172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:48.615776062 CET49780443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:48.615808964 CET44349780172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:49.066992998 CET44349780172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:49.067065954 CET44349780172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:49.067157030 CET49780443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:49.067804098 CET49780443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:49.072845936 CET4978580192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:49.193178892 CET8049785158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:49.193355083 CET4978580192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:49.193505049 CET4978580192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:49.313719988 CET8049785158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:50.491127968 CET8049785158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:50.492573023 CET49791443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:50.492624998 CET44349791172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:50.492760897 CET49791443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:50.493009090 CET49791443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:50.493025064 CET44349791172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:50.536099911 CET4978580192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:51.834104061 CET44349791172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:51.835700035 CET49791443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:51.835727930 CET44349791172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:51.853645086 CET4979380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:51.973670959 CET8049793158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:51.973813057 CET4979380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:51.974251986 CET4979380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:52.094186068 CET8049793158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:52.306164026 CET44349791172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:52.306238890 CET44349791172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:52.306281090 CET49791443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:52.306794882 CET49791443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:52.310379982 CET4978580192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:52.311523914 CET4979780192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:52.430695057 CET8049785158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:52.430762053 CET4978580192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:52.431519032 CET8049797158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:52.431602955 CET4979780192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:52.431760073 CET4979780192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:52.551903009 CET8049797158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:53.758670092 CET8049797158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:53.759907961 CET49799443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:53.759958982 CET44349799172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:53.760051012 CET49799443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:53.760322094 CET49799443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:53.760338068 CET44349799172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:53.801651955 CET4979780192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:54.271850109 CET8049793158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:54.278605938 CET4979380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:54.403630972 CET8049793158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:54.668334007 CET8049793158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:54.701646090 CET49805443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:54.701679945 CET44349805172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:54.701756001 CET49805443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:54.705622911 CET49805443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:54.705637932 CET44349805172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:54.723536968 CET4979380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:55.078521967 CET44349799172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:55.080384016 CET49799443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:55.080398083 CET44349799172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:55.551060915 CET44349799172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:55.551120996 CET44349799172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:55.551230907 CET49799443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:55.551712990 CET49799443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:55.554862976 CET4979780192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:55.556149960 CET4980680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:55.675776005 CET8049797158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:55.675885916 CET4979780192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:55.676143885 CET8049806158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:55.676289082 CET4980680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:55.676422119 CET4980680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:55.796333075 CET8049806158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:55.991883039 CET44349805172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:55.992079020 CET49805443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:55.993530035 CET49805443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:55.993540049 CET44349805172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:55.993822098 CET44349805172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:56.036065102 CET49805443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:56.042159081 CET49805443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:56.087332964 CET44349805172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:56.453978062 CET44349805172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:56.454071045 CET44349805172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:56.454159975 CET49805443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:56.464536905 CET49805443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:56.467979908 CET4979380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:56.588785887 CET8049793158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:56.851111889 CET8049793158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:56.853197098 CET49812443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:56.853239059 CET44349812172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:56.853312016 CET49812443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:56.853533030 CET49812443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:56.853549957 CET44349812172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:56.895464897 CET4979380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:58.010442972 CET8049806158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:58.011665106 CET49813443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:58.011702061 CET44349813172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:58.011867046 CET49813443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:58.012217999 CET49813443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:58.012228966 CET44349813172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:58.051708937 CET4980680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:58.112505913 CET44349812172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:58.114485979 CET49812443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:58.114511013 CET44349812172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:58.571536064 CET44349812172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:58.571611881 CET44349812172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:58.571671963 CET49812443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:58.572065115 CET49812443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:58.575227976 CET4979380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:58.576399088 CET4981580192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:58.695713043 CET8049793158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:58.695902109 CET4979380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:58.696320057 CET8049815158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:58.696419001 CET4981580192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:58.696674109 CET4981580192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:58.816540003 CET8049815158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:59.417598009 CET44349813172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:59.419378996 CET49813443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:59.419425964 CET44349813172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:59.872145891 CET44349813172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:59.872217894 CET44349813172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:00:59.872262955 CET49813443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:59.872798920 CET49813443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:00:59.876491070 CET4980680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:59.877788067 CET4982080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:59.996721983 CET8049806158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:59.996823072 CET4980680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:59.997697115 CET8049820158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:00:59.997781992 CET4982080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:00:59.997931957 CET4982080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:00.117836952 CET8049820158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:01.043378115 CET8049815158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:01.044894934 CET49822443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:01.044948101 CET44349822172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:01.045048952 CET49822443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:01.045320034 CET49822443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:01.045336962 CET44349822172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:01.098588943 CET4981580192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:02.249867916 CET8049820158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:02.251076937 CET49827443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:02.251128912 CET44349827172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:02.251194000 CET49827443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:02.251503944 CET49827443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:02.251522064 CET44349827172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:02.301687956 CET4982080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:02.318820000 CET44349822172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:02.320703983 CET49822443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:02.320739031 CET44349822172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:02.768520117 CET44349822172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:02.768590927 CET44349822172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:02.768743038 CET49822443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:02.769572973 CET49822443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:02.774764061 CET4982880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:02.901642084 CET8049828158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:02.901715040 CET4982880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:02.901856899 CET4982880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:03.082099915 CET8049828158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:03.558017969 CET44349827172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:03.562975883 CET49827443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:03.563014984 CET44349827172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:04.031079054 CET44349827172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:04.031147003 CET44349827172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:04.031225920 CET49827443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:04.031758070 CET49827443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:04.035278082 CET4982080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:04.036479950 CET4983380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:04.155682087 CET8049820158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:04.155898094 CET4982080192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:04.156382084 CET8049833158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:04.156563044 CET4983380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:04.156758070 CET4983380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:04.167140961 CET8049828158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:04.168641090 CET49834443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:04.168679953 CET44349834172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:04.168770075 CET49834443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:04.169105053 CET49834443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:04.169121027 CET44349834172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:04.208015919 CET4982880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:04.276873112 CET8049833158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:05.484947920 CET44349834172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:05.486815929 CET49834443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:05.486839056 CET44349834172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:05.545846939 CET8049833158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:05.547415018 CET49836443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:05.547446012 CET44349836172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:05.547535896 CET49836443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:05.547846079 CET49836443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:05.547857046 CET44349836172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:05.598618984 CET4983380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:05.988823891 CET44349834172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:05.988934040 CET44349834172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:05.989048004 CET49834443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:05.989677906 CET49834443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:05.993105888 CET4982880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:05.994260073 CET4983880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:06.113445997 CET8049828158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:06.113547087 CET4982880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:06.114309072 CET8049838158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:06.114418983 CET4983880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:06.114547014 CET4983880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:06.234757900 CET8049838158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:06.916297913 CET44349836172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:06.918246031 CET49836443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:06.918255091 CET44349836172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:07.321605921 CET8049838158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:07.323062897 CET49842443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:07.323121071 CET44349842172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:07.323266983 CET49842443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:07.323718071 CET49842443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:07.323733091 CET44349842172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:07.364212036 CET4983880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:07.373950958 CET44349836172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:07.374049902 CET44349836172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:07.374196053 CET49836443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:07.374530077 CET49836443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:08.551397085 CET44349842172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:08.553169966 CET49842443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:08.553198099 CET44349842172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:09.043545961 CET44349842172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:09.043612957 CET44349842172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:09.043657064 CET49842443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:09.044214010 CET49842443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:09.047823906 CET4983880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:09.048978090 CET4984880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:09.168520927 CET8049838158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:09.168596029 CET4983880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:09.169429064 CET8049848158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:09.169504881 CET4984880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:09.169677973 CET4984880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:09.289613008 CET8049848158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:10.628619909 CET8049848158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:10.630985022 CET49851443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:10.631031036 CET44349851172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:10.631103992 CET49851443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:10.631369114 CET49851443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:10.631381035 CET44349851172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:10.676733971 CET4984880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:11.916671991 CET44349851172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:11.918303013 CET49851443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:11.918318987 CET44349851172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:12.414840937 CET44349851172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:12.414926052 CET44349851172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:12.415000916 CET49851443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:12.415422916 CET49851443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:12.419296026 CET4984880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:12.419729948 CET4985680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:12.754961014 CET4984880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:12.758153915 CET8049848158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:12.758246899 CET8049856158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:12.758301973 CET4984880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:12.758363962 CET4985680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:12.758538961 CET4985680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:12.894880056 CET8049848158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:12.895061970 CET8049856158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:14.022730112 CET8049856158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:14.024205923 CET49862443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:14.024245024 CET44349862172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:14.024331093 CET49862443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:14.024609089 CET49862443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:14.024625063 CET44349862172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:14.067444086 CET4985680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:15.286770105 CET44349862172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:15.288400888 CET49862443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:15.288440943 CET44349862172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:15.750590086 CET44349862172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:15.750669003 CET44349862172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:15.750751019 CET49862443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:15.751281023 CET49862443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:15.754878044 CET4985680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:15.756057024 CET4986680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:15.875686884 CET8049856158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:15.875783920 CET4985680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:15.876092911 CET8049866158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:15.876168966 CET4986680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:15.876311064 CET4986680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:15.996320963 CET8049866158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:17.161377907 CET8049866158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:17.162796974 CET49869443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:17.162851095 CET44349869172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:17.162928104 CET49869443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:17.163203955 CET49869443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:17.163218021 CET44349869172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:17.207998037 CET4986680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:01:18.470001936 CET44349869172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:18.471884966 CET49869443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:18.471919060 CET44349869172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:19.110536098 CET44349869172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:19.110608101 CET44349869172.67.177.134192.168.2.7
                                                                                                Nov 25, 2024 15:01:19.110690117 CET49869443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:19.111145973 CET49869443192.168.2.7172.67.177.134
                                                                                                Nov 25, 2024 15:01:52.339931011 CET8049778158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:01:52.340069056 CET4977880192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:02:06.052526951 CET8049815158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:02:06.055618048 CET4981580192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:02:10.545944929 CET8049833158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:02:10.546039104 CET4983380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:02:22.141804934 CET8049866158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:02:22.147444963 CET4986680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:02:45.552683115 CET4983380192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:02:45.672714949 CET8049833158.101.44.242192.168.2.7
                                                                                                Nov 25, 2024 15:02:57.260241032 CET4986680192.168.2.7158.101.44.242
                                                                                                Nov 25, 2024 15:02:57.381371021 CET8049866158.101.44.242192.168.2.7

                                                                                                UDP Packets

                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Nov 25, 2024 15:00:38.571990013 CET5535353192.168.2.71.1.1.1
                                                                                                Nov 25, 2024 15:00:38.709666014 CET53553531.1.1.1192.168.2.7
                                                                                                Nov 25, 2024 15:00:41.536428928 CET5943853192.168.2.71.1.1.1
                                                                                                Nov 25, 2024 15:00:41.674026966 CET53594381.1.1.1192.168.2.7

                                                                                                DNS Queries

                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                Nov 25, 2024 15:00:38.571990013 CET192.168.2.71.1.1.10x97adStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                Nov 25, 2024 15:00:41.536428928 CET192.168.2.71.1.1.10x6dbdStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false

                                                                                                DNS Answers

                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                Nov 25, 2024 15:00:38.709666014 CET1.1.1.1192.168.2.70x97adNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                Nov 25, 2024 15:00:38.709666014 CET1.1.1.1192.168.2.70x97adNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                Nov 25, 2024 15:00:38.709666014 CET1.1.1.1192.168.2.70x97adNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                Nov 25, 2024 15:00:38.709666014 CET1.1.1.1192.168.2.70x97adNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                Nov 25, 2024 15:00:38.709666014 CET1.1.1.1192.168.2.70x97adNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                Nov 25, 2024 15:00:38.709666014 CET1.1.1.1192.168.2.70x97adNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                Nov 25, 2024 15:00:41.674026966 CET1.1.1.1192.168.2.70x6dbdNo error (0)reallyfreegeoip.org172.67.177.134A (IP address)IN (0x0001)false
                                                                                                Nov 25, 2024 15:00:41.674026966 CET1.1.1.1192.168.2.70x6dbdNo error (0)reallyfreegeoip.org104.21.67.152A (IP address)IN (0x0001)false

                                                                                                HTTP Request Dependency Graph

                                                                                                • reallyfreegeoip.org
                                                                                                • checkip.dyndns.org

                                                                                                HTTP Packets

                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                0192.168.2.749760158.101.44.242807636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:00:38.848310947 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Nov 25, 2024 15:00:41.050646067 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:40 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 6c4aea0fa3760a284f46196c908da138
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
                                                                                                Nov 25, 2024 15:00:41.115252972 CET127OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Nov 25, 2024 15:00:41.493541956 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:41 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: a8a3731a03ea5e907cd2ad6e95ae7bd7
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
                                                                                                Nov 25, 2024 15:00:43.878870010 CET127OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Nov 25, 2024 15:00:44.255458117 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:44 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 8ed24e77475cdd7d437063368c49eadd
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                1192.168.2.749778158.101.44.242807636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:00:46.102056980 CET127OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Nov 25, 2024 15:00:47.352147102 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:47 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 8fd51b2306aa33609317f5b55b0aa0ac
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                2192.168.2.749785158.101.44.242807636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:00:49.193505049 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Nov 25, 2024 15:00:50.491127968 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:50 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: dbe2ee7b83bb46aa9f06aa223e6c7760
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                3192.168.2.749793158.101.44.242807864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:00:51.974251986 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Nov 25, 2024 15:00:54.271850109 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:54 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 79df492e75b24b6bca16ac886ac80e43
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
                                                                                                Nov 25, 2024 15:00:54.278605938 CET127OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Nov 25, 2024 15:00:54.668334007 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:54 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 3f4bca78b7cd0ceecfde46fb9faa1b49
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
                                                                                                Nov 25, 2024 15:00:56.467979908 CET127OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Nov 25, 2024 15:00:56.851111889 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:56 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: bc77d6cc832bc62dbfabdfd211fbdba9
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                4192.168.2.749797158.101.44.242807636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:00:52.431760073 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Nov 25, 2024 15:00:53.758670092 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:53 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: e4c45877ef1666d95e0aa79746ad83d5
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                5192.168.2.749806158.101.44.242807636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:00:55.676422119 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Nov 25, 2024 15:00:58.010442972 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:57 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: c3186367ebd1e662da7ed17840047f39
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                6192.168.2.749815158.101.44.242807864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:00:58.696674109 CET127OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Nov 25, 2024 15:01:01.043378115 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:00 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 55079782daefa078c5d928dceb7282c8
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                7192.168.2.749820158.101.44.242807636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:00:59.997931957 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Nov 25, 2024 15:01:02.249867916 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:02 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 4cb41ca3692f43d5a1106e443a91edc4
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                8192.168.2.749828158.101.44.242807864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:01:02.901856899 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Nov 25, 2024 15:01:04.167140961 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:03 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 205257f1b157f67fc98eb61509cff801
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                9192.168.2.749833158.101.44.242807636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:01:04.156758070 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Nov 25, 2024 15:01:05.545846939 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:05 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 0fc3d17f061db7b7254257752349738e
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                10192.168.2.749838158.101.44.242807864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:01:06.114547014 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Nov 25, 2024 15:01:07.321605921 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:07 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: ba6bd0b0877362aea315f2c62757656d
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                11192.168.2.749848158.101.44.242807864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:01:09.169677973 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Nov 25, 2024 15:01:10.628619909 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:10 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 2ecf75bbce1bdcf597113d8ae9824440
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                12192.168.2.749856158.101.44.242807864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:01:12.758538961 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Nov 25, 2024 15:01:14.022730112 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:13 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: 9d459595e7795fbfda197bea934f1fe5
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                13192.168.2.749866158.101.44.242807864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Nov 25, 2024 15:01:15.876311064 CET151OUTGET / HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                Host: checkip.dyndns.org
                                                                                                Connection: Keep-Alive
                                                                                                Nov 25, 2024 15:01:17.161377907 CET320INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:16 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 103
                                                                                                Connection: keep-alive
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                X-Request-ID: e690f6d3a24c70bdb7b055776c1b82d7
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                HTTPS Proxied Packets

                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                0192.168.2.749766172.67.177.1344437636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:00:43 UTC84OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-11-25 14:00:43 UTC857INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:43 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507152
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kNj%2FNVC7l58Sc5OfO5sOUKoriznoCmiysiyQPvXT%2B9nln%2BNRxvL2Id2ry8bdcAYwxHuZME66reaveL8KqvD36qD%2BsCgHQjlLtXf8%2FSYokS%2FscjmC9wXupaBuABoq2KdVCJFsEl2b"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822aa6dc490f95-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1686&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1784841&cwnd=169&unsent_bytes=0&cid=93c637fa035e3b5e&ts=486&x=0"
                                                                                                2024-11-25 14:00:43 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                1192.168.2.749772172.67.177.1344437636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:00:45 UTC60OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                2024-11-25 14:00:45 UTC851INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:45 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507154
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u5SaaWAGL7Tyhl5uWR%2FWojUgeik2ozSaABGBxhAZ60SThUs%2F8UKwrmHAB3hqxCxkerj4Jy8tFKXuUKrAIa2k%2F66xhBovb3MJ1N7BGfWUVOZ6wTaztQmBhZKCUriqpAqJgiL0QATy"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822ab6384743d0-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1597&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1766485&cwnd=173&unsent_bytes=0&cid=c767f2e157e0a9a5&ts=464&x=0"
                                                                                                2024-11-25 14:00:45 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                2192.168.2.749780172.67.177.1344437636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:00:48 UTC84OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-11-25 14:00:49 UTC861INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:48 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507157
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R6fWerXpvzlM%2B7l4BMZzubYngSxyl6i%2FWXoOyoyCKv4frv8CI71BNII5Ojv1R7%2FenR9YVpSQz0FkA3sXGlTUo7LH2jnnvb8%2FaDEdugKnK52ZS%2BEaG%2BtROOeEox63p5%2FBN8pva%2BE9"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822ac99fa5de9a-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1463&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1904761&cwnd=231&unsent_bytes=0&cid=1093402e269242f4&ts=459&x=0"
                                                                                                2024-11-25 14:00:49 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                3192.168.2.749791172.67.177.1344437636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:00:51 UTC84OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-11-25 14:00:52 UTC851INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:52 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507161
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RgiifoVXO3LetVBWgKBapyFKW68kf9%2BGRFpBQnTJsvGDXXx%2B1ICXdmJJW7UzAwwOcvXFjQRxiUn6G9LFboYAZbcUOu374p85V1ZY47xY9deN3mEQQcF5df%2ButcWiaLNSJF1nBfS4"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822addc8308c54-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1990&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1444114&cwnd=176&unsent_bytes=0&cid=bb4092d10bfcbe5d&ts=477&x=0"
                                                                                                2024-11-25 14:00:52 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                4192.168.2.749799172.67.177.1344437636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:00:55 UTC60OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                2024-11-25 14:00:55 UTC855INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:55 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507164
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=drGcaza18GZl7%2BU%2FPwIQeipPREReoZ98ZtyZVlTGb7ZRqG81J8yg0SEMSOVODh%2Fmu3DVvEZtVgmEPypxBYiLGDMW3K2F2TPFJ7bJ7IQqzrgWuOdIOt7I%2F6xY3P2v%2B8hOOmhBqdBz"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822af209cec411-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1520&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1823860&cwnd=214&unsent_bytes=0&cid=608e4033fc4f053e&ts=479&x=0"
                                                                                                2024-11-25 14:00:55 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                5192.168.2.749805172.67.177.1344437864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:00:56 UTC84OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-11-25 14:00:56 UTC852INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:56 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507165
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZXSZ0kN6T2JVibh2CPFLJFzz1u1cyJPgPRfdGIP7FafCWPU%2BSqJeSqbOPnrVV48OI%2FBZQCP9jUgvPApDTucaNQCqVyGSuZv5gXZbqRoCVmbQp6l5Kj1qutdeI%2BfZhL7S1C6M%2FHpr"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822af7b8604268-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2039&sent=6&recv=8&lost=0&retrans=1&sent_bytes=4240&recv_bytes=698&delivery_rate=107112&cwnd=252&unsent_bytes=0&cid=c92771de296ba87b&ts=494&x=0"
                                                                                                2024-11-25 14:00:56 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                6192.168.2.749812172.67.177.1344437864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:00:58 UTC60OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                2024-11-25 14:00:58 UTC847INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:58 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507167
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YUJvgvWJZx92yYdEYPeIep8VlYBD4FkbMlWrDxqtp47XXPSMryXRbf7lpswtWAEonQmbvdS4maB53hAeffWx8JdCneBxEgQ7WVAV9q1nDZ0BmfpTUyTNgUXE%2BM9TXldm920rvQRh"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822b04e9a20caa-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1680&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1635854&cwnd=238&unsent_bytes=0&cid=e35a2911e0152290&ts=466&x=0"
                                                                                                2024-11-25 14:00:58 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                7192.168.2.749813172.67.177.1344437636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:00:59 UTC60OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                2024-11-25 14:00:59 UTC851INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:00:59 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507168
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=beqCOletWZ2jE45THVAidAcNxMGFlZBCcCkEp9CMHOaZO9xNMCiOH5tUAc661QKIqRSrZ%2B0DfCgYCMFLnC1aUB59rtHogA0BBowb60ed1pd%2BVNlaVgRjXJ6DznEpo81OTiHZKRim"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822b0d1cfb4268-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=119464&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1314723&cwnd=252&unsent_bytes=0&cid=d385060101e10552&ts=457&x=0"
                                                                                                2024-11-25 14:00:59 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                8192.168.2.749822172.67.177.1344437864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:01:02 UTC84OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-11-25 14:01:02 UTC851INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:02 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507171
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y8qVTzxT1O3XTs%2BJoK2TUpCyFJKOt3Ryhmf2iKXpbaW63Wx2JmqDXsHjfvZPWs2BVHE3cpbM%2FA13gQ4r4%2FLzWF804jMK1ycgEGv7bJQWlUKLOvptO3UzGKKXi4wstxhndLAt9ZrA"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822b1f3c978c5d-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=5322&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1403846&cwnd=207&unsent_bytes=0&cid=1091cc3c33e60509&ts=459&x=0"
                                                                                                2024-11-25 14:01:02 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                9192.168.2.749827172.67.177.1344437636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:01:03 UTC84OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-11-25 14:01:04 UTC857INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:03 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507172
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lS%2FzDlSItWylkSvHYi8CmsPAodG1iKBNp6GheSMWbEYqWQa8cGG%2Br5qBglkSkQHNJM9hLZdqngrvLk%2B01QbN5LPetF9cBVa4A1QTcLh%2FehjIVfHJEE57x3%2FcPgSsvlczOVuvLg%2Fs"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822b270a7f0f45-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1614&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1727810&cwnd=157&unsent_bytes=0&cid=373d9f9621d4ed40&ts=481&x=0"
                                                                                                2024-11-25 14:01:04 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                10192.168.2.749834172.67.177.1344437864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:01:05 UTC84OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-11-25 14:01:05 UTC852INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:05 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507174
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hG%2BpT2QEwxZb%2BK57o4sw6jHJ%2FVgKGxXVxonrjpBJkWPegBl2oUGNIS1WHYpIJsl0w2Wi6NDwhEf0zlHNgGXkzMvY3gphgEe5icPC9YlL48wWrCvcigHfzQCn%2Fg6qHPPWW8KExm2I"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822b330ccc43c4-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2361&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=788336&cwnd=219&unsent_bytes=0&cid=b881710f850c9007&ts=509&x=0"
                                                                                                2024-11-25 14:01:05 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                11192.168.2.749836172.67.177.1344437636C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:01:06 UTC84OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-11-25 14:01:07 UTC847INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:07 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507176
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1qyd6dP4peaKQK6bpcLpyZlQiQK%2Fa68aZ27LFt5o6ELTblpL2MTWEP2gMzNyo5Jm2zP8AKA6Ii91YHagmOmXQDwMvyuzU4GK5jdxAOspHfTtqK1pe66IHzP60j29P56eMNRGNE92"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822b3c0e180f43-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1673&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1707602&cwnd=178&unsent_bytes=0&cid=58e9eb0604f94a11&ts=571&x=0"
                                                                                                2024-11-25 14:01:07 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                12192.168.2.749842172.67.177.1344437864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:01:08 UTC84OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-11-25 14:01:09 UTC853INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:08 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507177
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=krNXQnrqriNiVCtlZoVoQKTad5CmnM3vO6IvfTRV6JpcSVIMmd%2BPE8D1UTf20eeSqqIkJxVWIz%2FEP4TPKiDtz5qx9oJHyz5mNSmC%2Bb1%2F4p34F3Bpw9LBfvFicY3qI8mdF6Svw5rz"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822b462a3642a3-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2615&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1172690&cwnd=154&unsent_bytes=0&cid=3d86d22174feb3fc&ts=507&x=0"
                                                                                                2024-11-25 14:01:09 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                13192.168.2.749851172.67.177.1344437864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:01:11 UTC84OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-11-25 14:01:12 UTC853INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:12 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507181
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9gpJUANW5qLdy4duSvEknswRH6cCGtH5OC%2FJSNAwXgoXjHEDBH%2Fo4rsqfwj9t9EtvdDsch9o1kiuw0tX%2BzfHPmltNks6iEZ9LFkufYlj0F8vXoRThn0A3hOZqSnf0DLrLuQZNB%2FT"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822b5b5a325e62-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8472&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1370892&cwnd=151&unsent_bytes=0&cid=63fd29780b3fb9e1&ts=505&x=0"
                                                                                                2024-11-25 14:01:12 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                14192.168.2.749862172.67.177.1344437864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:01:15 UTC84OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-11-25 14:01:15 UTC849INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:15 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507184
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f7FWWsTsufQw9t2bgXDl%2FKijbla1aT00fOdcVu06DYdVGeI0SJ%2B3PpuKgmuexWtF6v4qCJ2GsEBO22os4zTc6nPWV17rgD54oZukK6EJ81kx7ro2CIHhGKCF5A6Sy0S9MUBqx9Jd"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822b704f649e17-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2105&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1288614&cwnd=186&unsent_bytes=0&cid=360b7df2c7f991d5&ts=470&x=0"
                                                                                                2024-11-25 14:01:15 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                15192.168.2.749869172.67.177.1344437864C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2024-11-25 14:01:18 UTC84OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                Host: reallyfreegeoip.org
                                                                                                Connection: Keep-Alive
                                                                                                2024-11-25 14:01:19 UTC857INHTTP/1.1 200 OK
                                                                                                Date: Mon, 25 Nov 2024 14:01:18 GMT
                                                                                                Content-Type: text/xml
                                                                                                Content-Length: 361
                                                                                                Connection: close
                                                                                                Cache-Control: max-age=31536000
                                                                                                CF-Cache-Status: HIT
                                                                                                Age: 507187
                                                                                                Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y7knIWV3A%2F5FcaF93AXALf2aNaJEjoVB5YgpcT09kF3E0itam3BMwoM5uDbA%2Bo%2FEwb%2Fv2HRUlsosv1hZc3Ry%2FcLD2U6GKj9gS%2FNBIhPdlxNANKGRJJYMayw7yRFdT7GLaco2CLd1"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8e822b853d6ec47c-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1510&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1859872&cwnd=210&unsent_bytes=0&cid=1ec5eda25dc29d76&ts=647&x=0"
                                                                                                2024-11-25 14:01:19 UTC361INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e
                                                                                                Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                Statistics

                                                                                                CPU Usage

                                                                                                Click to jump to process

                                                                                                Memory Usage

                                                                                                Click to jump to process

                                                                                                High Level Behavior Distribution

                                                                                                Click to dive into process behavior distribution

                                                                                                Behavior

                                                                                                Click to jump to process

                                                                                                System Behavior

                                                                                                General

                                                                                                Target ID:0
                                                                                                Start time:09:00:14
                                                                                                Start date:25/11/2024
                                                                                                Path:C:\Users\user\Desktop\jbuESggTv0.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\jbuESggTv0.exe"
                                                                                                Imagebase:0xcc0000
                                                                                                File size:1'072'096 bytes
                                                                                                MD5 hash:2ED7362E959D42385D4E6D231A6840DD
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1605150480.0000000006320000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1593158495.0000000004231000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1593158495.00000000042B2000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1580157490.0000000003293000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:3
                                                                                                Start time:09:00:38
                                                                                                Start date:25/11/2024
                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                                Imagebase:0x720000
                                                                                                File size:42'064 bytes
                                                                                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.3816754828.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.3819753587.0000000002C6E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.3819753587.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:moderate
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:4
                                                                                                Start time:09:00:38
                                                                                                Start date:25/11/2024
                                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs"
                                                                                                Imagebase:0x7ff7b3360000
                                                                                                File size:170'496 bytes
                                                                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:5
                                                                                                Start time:09:00:40
                                                                                                Start date:25/11/2024
                                                                                                Path:C:\Users\user\AppData\Roaming\svcost.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\AppData\Roaming\svcost.exe"
                                                                                                Imagebase:0xdb0000
                                                                                                File size:285'155'438 bytes
                                                                                                MD5 hash:1D3F574D5468B5AD753EF474761B993D
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.1711136967.0000000003293000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.1721691566.00000000043BA000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                Antivirus matches:
                                                                                                • Detection: 100%, Avira
                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:6
                                                                                                Start time:09:00:52
                                                                                                Start date:25/11/2024
                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                                Imagebase:0x3f0000
                                                                                                File size:42'064 bytes
                                                                                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.3819172841.0000000002949000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.3819172841.0000000002781000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:moderate
                                                                                                Has exited:false

                                                                                                Disassembly

                                                                                                Reset < >

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:11.9%
                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                  Signature Coverage:5.4%
                                                                                                  Total number of Nodes:168
                                                                                                  Total number of Limit Nodes:6
                                                                                                  execution_graph 26426 2fd3498 26427 2fd34e7 NtProtectVirtualMemory 26426->26427 26429 2fd355f 26427->26429 26430 5bc9a40 26431 5bc9a45 26430->26431 26437 5bc9ba8 26431->26437 26441 5bc9a70 26431->26441 26445 5bc9a80 26431->26445 26449 5bc9c69 26431->26449 26432 5bc9a6b 26439 5bc9add 26437->26439 26438 5bc9aec 26438->26432 26439->26438 26453 5bcb400 26439->26453 26442 5bc9aaa 26441->26442 26443 5bc9aec 26442->26443 26444 5bcb400 10 API calls 26442->26444 26443->26432 26444->26442 26446 5bc9aaa 26445->26446 26447 5bc9aec 26446->26447 26448 5bcb400 10 API calls 26446->26448 26447->26432 26448->26446 26451 5bc9add 26449->26451 26450 5bc9aec 26450->26432 26451->26450 26452 5bcb400 10 API calls 26451->26452 26452->26451 26454 5bcb405 26453->26454 26459 5bcb657 26454->26459 26464 5bcb673 26454->26464 26469 5bcb7f0 26454->26469 26455 5bcb447 26455->26439 26460 5bcb65b 26459->26460 26461 5bcb4cb 26460->26461 26474 5bcbcb0 26460->26474 26489 5bcbca1 26460->26489 26461->26455 26465 5bcb68b 26464->26465 26467 5bcbcb0 10 API calls 26465->26467 26468 5bcbca1 10 API calls 26465->26468 26466 5bcb4cb 26466->26455 26467->26466 26468->26466 26470 5bcb672 26469->26470 26471 5bcb4cb 26469->26471 26472 5bcbcb0 10 API calls 26470->26472 26473 5bcbca1 10 API calls 26470->26473 26471->26455 26472->26471 26473->26471 26475 5bcbcc5 26474->26475 26476 5bcbce7 26475->26476 26504 5bcc89b 26475->26504 26509 5bccf1a 26475->26509 26514 5bcd1bd 26475->26514 26519 5bcc07c 26475->26519 26524 5bcc543 26475->26524 26529 5bcc4a5 26475->26529 26534 5bcbf4b 26475->26534 26539 5bcbee9 26475->26539 26544 5bccc6e 26475->26544 26549 5bcc716 26475->26549 26554 5bccdb5 26475->26554 26559 5bcc354 26475->26559 26476->26461 26490 5bcbcb0 26489->26490 26491 5bcc07c 2 API calls 26490->26491 26492 5bcd1bd 2 API calls 26490->26492 26493 5bccf1a 2 API calls 26490->26493 26494 5bcc89b 2 API calls 26490->26494 26495 5bcc354 2 API calls 26490->26495 26496 5bccdb5 2 API calls 26490->26496 26497 5bcc716 2 API calls 26490->26497 26498 5bccc6e 2 API calls 26490->26498 26499 5bcbee9 2 API calls 26490->26499 26500 5bcbf4b 2 API calls 26490->26500 26501 5bcc4a5 2 API calls 26490->26501 26502 5bcbce7 26490->26502 26503 5bcc543 2 API calls 26490->26503 26491->26502 26492->26502 26493->26502 26494->26502 26495->26502 26496->26502 26497->26502 26498->26502 26499->26502 26500->26502 26501->26502 26502->26461 26503->26502 26505 5bcc8a5 26504->26505 26564 2fd5f68 26505->26564 26568 2fd5f61 26505->26568 26506 5bcbdc7 26506->26476 26510 5bccf29 26509->26510 26572 2fd5d78 26510->26572 26577 2fd5d68 26510->26577 26511 5bccf53 26515 5bcc73c 26514->26515 26516 5bcbdc7 26514->26516 26590 2fd5638 26515->26590 26595 2fd5628 26515->26595 26516->26476 26520 5bcc094 26519->26520 26608 5bcd680 26520->26608 26612 5bcd670 26520->26612 26521 5bcbdc7 26521->26476 26525 5bcc552 26524->26525 26629 2fd5830 26525->26629 26633 2fd5838 26525->26633 26526 5bcc3fe 26530 5bcbeea 26529->26530 26531 5bcc4b2 26529->26531 26530->26529 26637 2fd4f29 26530->26637 26642 2fd4f38 26530->26642 26535 5bcc73c 26534->26535 26537 2fd5638 2 API calls 26535->26537 26538 2fd5628 2 API calls 26535->26538 26536 5bcbdc7 26536->26476 26537->26536 26538->26536 26540 5bcbeea 26539->26540 26541 5bcc4b2 26540->26541 26542 2fd4f29 2 API calls 26540->26542 26543 2fd4f38 2 API calls 26540->26543 26542->26540 26543->26540 26545 5bccc7d 26544->26545 26547 2fd5838 WriteProcessMemory 26545->26547 26548 2fd5830 WriteProcessMemory 26545->26548 26546 5bcbdc7 26546->26476 26547->26546 26548->26546 26550 5bcc720 26549->26550 26552 2fd5638 2 API calls 26550->26552 26553 2fd5628 2 API calls 26550->26553 26551 5bcbdc7 26551->26476 26552->26551 26553->26551 26555 5bccdc4 26554->26555 26557 2fd5838 WriteProcessMemory 26555->26557 26558 2fd5830 WriteProcessMemory 26555->26558 26556 5bcbdc7 26556->26476 26557->26556 26558->26556 26560 5bcbdc7 26559->26560 26563 5bcc8c1 26559->26563 26560->26476 26561 2fd5f68 NtResumeThread 26561->26560 26562 2fd5f61 NtResumeThread 26562->26560 26563->26561 26563->26562 26565 2fd5fb1 NtResumeThread 26564->26565 26567 2fd6008 26565->26567 26567->26506 26569 2fd5f68 NtResumeThread 26568->26569 26571 2fd6008 26569->26571 26571->26506 26573 2fd5d8d 26572->26573 26582 2fd4dd0 26573->26582 26586 2fd4dc9 26573->26586 26574 2fd5da6 26574->26511 26578 2fd5d8d 26577->26578 26580 2fd4dc9 Wow64SetThreadContext 26578->26580 26581 2fd4dd0 Wow64SetThreadContext 26578->26581 26579 2fd5da6 26579->26511 26580->26579 26581->26579 26583 2fd4e19 Wow64SetThreadContext 26582->26583 26585 2fd4e91 26583->26585 26585->26574 26587 2fd4dd0 Wow64SetThreadContext 26586->26587 26589 2fd4e91 26587->26589 26589->26574 26591 2fd564d 26590->26591 26600 2fd54d8 26591->26600 26604 2fd54d0 26591->26604 26592 2fd566f 26592->26516 26596 2fd564d 26595->26596 26598 2fd54d8 VirtualAllocEx 26596->26598 26599 2fd54d0 VirtualAllocEx 26596->26599 26597 2fd566f 26597->26516 26598->26597 26599->26597 26601 2fd551c VirtualAllocEx 26600->26601 26603 2fd5594 26601->26603 26603->26592 26605 2fd54d8 VirtualAllocEx 26604->26605 26607 2fd5594 26605->26607 26607->26592 26609 5bcd697 26608->26609 26610 5bcd6b9 26609->26610 26616 5bcde27 26609->26616 26610->26521 26613 5bcd697 26612->26613 26614 5bcd6b9 26613->26614 26615 5bcde27 2 API calls 26613->26615 26614->26521 26615->26614 26617 5bcde36 26616->26617 26621 2fd44bc 26617->26621 26625 2fd44c8 26617->26625 26622 2fd44c8 CreateProcessA 26621->26622 26624 2fd4744 26622->26624 26626 2fd4548 CreateProcessA 26625->26626 26628 2fd4744 26626->26628 26630 2fd5838 WriteProcessMemory 26629->26630 26632 2fd591d 26630->26632 26632->26526 26634 2fd5884 WriteProcessMemory 26633->26634 26636 2fd591d 26634->26636 26636->26526 26638 2fd4f4d 26637->26638 26640 2fd4dc9 Wow64SetThreadContext 26638->26640 26641 2fd4dd0 Wow64SetThreadContext 26638->26641 26639 2fd4f66 26639->26530 26640->26639 26641->26639 26643 2fd4f4d 26642->26643 26645 2fd4dc9 Wow64SetThreadContext 26643->26645 26646 2fd4dd0 Wow64SetThreadContext 26643->26646 26644 2fd4f66 26644->26530 26645->26644 26646->26644

                                                                                                  Executed Functions

                                                                                                  Function 0179CAE0 Relevance: 6.0, Strings: 4, Instructions: 983COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 85 179cae0-179cb01 86 179cb08-179cbef 85->86 87 179cb03 85->87 89 179d2f1-179d319 86->89 90 179cbf5-179cd36 call 1799030 86->90 87->86 93 179da1f-179da28 89->93 136 179d2ba-179d2e4 90->136 137 179cd3c-179cd97 90->137 94 179da2e-179da45 93->94 95 179d327-179d331 93->95 97 179d338-179d42c call 1799030 95->97 98 179d333 95->98 119 179d42e-179d43a 97->119 120 179d456 97->120 98->97 121 179d43c-179d442 119->121 122 179d444-179d44a 119->122 123 179d45c-179d47c 120->123 125 179d454 121->125 122->125 128 179d4dc-179d55c 123->128 129 179d47e-179d4d7 123->129 125->123 150 179d55e-179d5b1 128->150 151 179d5b3-179d5f6 call 1799030 128->151 140 179da1c 129->140 147 179d2ee 136->147 148 179d2e6 136->148 144 179cd99 137->144 145 179cd9c-179cda7 137->145 140->93 144->145 149 179d1cf-179d1d5 145->149 147->89 148->147 152 179d1db-179d257 call 1790eb4 149->152 153 179cdac-179cdca 149->153 180 179d601-179d60a 150->180 151->180 196 179d2a4-179d2aa 152->196 157 179cdcc-179cdd0 153->157 158 179ce21-179ce36 153->158 157->158 159 179cdd2-179cddd 157->159 161 179ce38 158->161 162 179ce3d-179ce53 158->162 163 179ce13-179ce19 159->163 161->162 167 179ce5a-179ce71 162->167 168 179ce55 162->168 171 179ce1b-179ce1c 163->171 172 179cddf-179cde3 163->172 169 179ce78-179ce8e 167->169 170 179ce73 167->170 168->167 176 179ce90 169->176 177 179ce95-179ce9c 169->177 170->169 179 179ce9f-179cf0a 171->179 174 179cde9-179ce01 172->174 175 179cde5 172->175 181 179ce08-179ce10 174->181 182 179ce03 174->182 175->174 176->177 177->179 183 179cf0c-179cf18 179->183 184 179cf1e-179d0d3 179->184 186 179d66a-179d679 180->186 181->163 182->181 183->184 194 179d0d5-179d0d9 184->194 195 179d137-179d14c 184->195 187 179d67b-179d703 186->187 188 179d60c-179d634 186->188 224 179d87c-179d888 187->224 191 179d63b-179d664 188->191 192 179d636 188->192 191->186 192->191 194->195 202 179d0db-179d0ea 194->202 200 179d14e 195->200 201 179d153-179d174 195->201 198 179d259-179d2a1 196->198 199 179d2ac-179d2b2 196->199 198->196 199->136 200->201 203 179d17b-179d19a 201->203 204 179d176 201->204 206 179d129-179d12f 202->206 210 179d19c 203->210 211 179d1a1-179d1c1 203->211 204->203 208 179d0ec-179d0f0 206->208 209 179d131-179d132 206->209 215 179d0fa-179d11b 208->215 216 179d0f2-179d0f6 208->216 213 179d1cc 209->213 210->211 217 179d1c8 211->217 218 179d1c3 211->218 213->149 219 179d11d 215->219 220 179d122-179d126 215->220 216->215 217->213 218->217 219->220 220->206 225 179d708-179d711 224->225 226 179d88e-179d8e9 224->226 227 179d71a-179d870 225->227 228 179d713 225->228 241 179d8eb-179d91e 226->241 242 179d920-179d94a 226->242 246 179d876 227->246 228->227 229 179d7aa-179d7ea 228->229 230 179d7ef-179d82f 228->230 231 179d720-179d760 228->231 232 179d765-179d7a5 228->232 229->246 230->246 231->246 232->246 250 179d953-179d9e6 241->250 242->250 246->224 254 179d9ed-179da0d 250->254 254->140
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: TJq$Teq$pq$xbq
                                                                                                  • API String ID: 0-2466396065
                                                                                                  • Opcode ID: 201111a573accbaebb231ea31f5f9563b10a31448a366953ce79c691a1a99c67
                                                                                                  • Instruction ID: 63cb0b8cb45fdcb97d5d60af1ccdc01bd9f849ad65b2d72d8b9dd9ba3b7369c5
                                                                                                  • Opcode Fuzzy Hash: 201111a573accbaebb231ea31f5f9563b10a31448a366953ce79c691a1a99c67
                                                                                                  • Instruction Fuzzy Hash: 82A2B275A00228CFDB65CF69C984AD9BBB2FF89300F1581E9D509AB365DB319E85CF40
                                                                                                  Function 02FD0040 Relevance: 3.1, Strings: 2, Instructions: 615COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 329 2fd0040-2fd0061 330 2fd0068-2fd00f2 329->330 331 2fd0063 329->331 418 2fd00f8 call 2fd0ba8 330->418 419 2fd00f8 call 2fd0b98 330->419 331->330 336 2fd00fe-2fd013b 338 2fd013d-2fd0148 336->338 339 2fd014a 336->339 340 2fd0154-2fd026f 338->340 339->340 351 2fd0281-2fd02ac 340->351 352 2fd0271-2fd0277 340->352 353 2fd0a78-2fd0a94 351->353 352->351 354 2fd0a9a-2fd0ab5 353->354 355 2fd02b1-2fd03f6 353->355 420 2fd03fc call 2fd20c8 355->420 421 2fd03fc call 2fd20b8 355->421 364 2fd0402-2fd0414 365 2fd0426-2fd05bb 364->365 366 2fd0416-2fd041c 364->366 376 2fd05bd-2fd05c1 365->376 377 2fd0620-2fd062a 365->377 366->365 378 2fd05c9-2fd061b 376->378 379 2fd05c3-2fd05c4 376->379 380 2fd0851-2fd0870 377->380 381 2fd08f6-2fd0961 378->381 379->381 382 2fd062f-2fd0775 380->382 383 2fd0876-2fd08a0 380->383 399 2fd0973-2fd09be 381->399 400 2fd0963-2fd0969 381->400 411 2fd077b-2fd0847 382->411 412 2fd084a-2fd084b 382->412 389 2fd08f3-2fd08f4 383->389 390 2fd08a2-2fd08f0 383->390 389->381 390->389 402 2fd0a5d-2fd0a75 399->402 403 2fd09c4-2fd0a5c 399->403 400->399 402->353 403->402 411->412 412->380 418->336 419->336 420->364 421->364
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: fq$8
                                                                                                  • API String ID: 0-1651916650
                                                                                                  • Opcode ID: 37fdc024d09b5cd8aac16a49e7d0d0a42716e6917c99d12132f4bde1c533b060
                                                                                                  • Instruction ID: 86f1cbfea57593cef39fe5caa8f3d9538d125dd3cc7cd0f9054379ada43410f8
                                                                                                  • Opcode Fuzzy Hash: 37fdc024d09b5cd8aac16a49e7d0d0a42716e6917c99d12132f4bde1c533b060
                                                                                                  • Instruction Fuzzy Hash: 1252E775E002298FDB64DF69C894AD9B7B2FF89300F5485E9D909A7350DB34AE81CF90
                                                                                                  Function 01798A0B Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 509 1798a0b-1798a32 511 1798a39-1798a40 509->511 512 1798a34 509->512 513 1798a4b-1798cbe 511->513 512->511
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'q$4'q
                                                                                                  • API String ID: 0-1467158625
                                                                                                  • Opcode ID: 7a204e6e5b90446842497dcab29bbde02a4e193464aaa116e33cbc4a4af25255
                                                                                                  • Instruction ID: f5dc12d6e99cdb7ca0f2046fb0f5982d82cee64bb8d9675068a9f3bbccf5b52a
                                                                                                  • Opcode Fuzzy Hash: 7a204e6e5b90446842497dcab29bbde02a4e193464aaa116e33cbc4a4af25255
                                                                                                  • Instruction Fuzzy Hash: 91710B70E006099FD718DF6AEC486AABBF7FF88301F04D169D405AB368DB385946CB95
                                                                                                  Function 01798A18 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 544 1798a18-1798a32 545 1798a39-1798a40 544->545 546 1798a34 544->546 547 1798a4b-1798cbe 545->547 546->545
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'q$4'q
                                                                                                  • API String ID: 0-1467158625
                                                                                                  • Opcode ID: 4324dd1e4348b55a230659d6def15b7b7f0d4d8245e9f36516ad38d4db4458f3
                                                                                                  • Instruction ID: 366dd1050689bdaab7580415ada416f02587f418b3694c99666a03f5712dce31
                                                                                                  • Opcode Fuzzy Hash: 4324dd1e4348b55a230659d6def15b7b7f0d4d8245e9f36516ad38d4db4458f3
                                                                                                  • Instruction Fuzzy Hash: 30711970E006099FE718DF6AEC486AABBF7FF88301F04D169D4049B268DB385946CB95
                                                                                                  Function 02FD003F Relevance: 2.7, Strings: 2, Instructions: 160COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 578 2fd003f-2fd0061 579 2fd0068-2fd00f2 578->579 580 2fd0063 578->580 667 2fd00f8 call 2fd0ba8 579->667 668 2fd00f8 call 2fd0b98 579->668 580->579 585 2fd00fe-2fd013b 587 2fd013d-2fd0148 585->587 588 2fd014a 585->588 589 2fd0154-2fd026f 587->589 588->589 600 2fd0281-2fd02ac 589->600 601 2fd0271-2fd0277 589->601 602 2fd0a78-2fd0a94 600->602 601->600 603 2fd0a9a-2fd0ab5 602->603 604 2fd02b1-2fd03f6 602->604 669 2fd03fc call 2fd20c8 604->669 670 2fd03fc call 2fd20b8 604->670 613 2fd0402-2fd0414 614 2fd0426-2fd05bb 613->614 615 2fd0416-2fd041c 613->615 625 2fd05bd-2fd05c1 614->625 626 2fd0620-2fd062a 614->626 615->614 627 2fd05c9-2fd061b 625->627 628 2fd05c3-2fd05c4 625->628 629 2fd0851-2fd0870 626->629 630 2fd08f6-2fd0961 627->630 628->630 631 2fd062f-2fd0775 629->631 632 2fd0876-2fd08a0 629->632 648 2fd0973-2fd09be 630->648 649 2fd0963-2fd0969 630->649 660 2fd077b-2fd0847 631->660 661 2fd084a-2fd084b 631->661 638 2fd08f3-2fd08f4 632->638 639 2fd08a2-2fd08f0 632->639 638->630 639->638 651 2fd0a5d-2fd0a75 648->651 652 2fd09c4-2fd0a5c 648->652 649->648 651->602 652->651 660->661 661->629 667->585 668->585 669->613 670->613
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: fq$h
                                                                                                  • API String ID: 0-152923806
                                                                                                  • Opcode ID: 12d4172753b2b1a0676a578afb9729b9c4bbff685f9d0f2f2c091bdc6e1ac72d
                                                                                                  • Instruction ID: 4d58dfa8c296003299023e6e2c17caf970a7d9861743146083ad2b981ad804af
                                                                                                  • Opcode Fuzzy Hash: 12d4172753b2b1a0676a578afb9729b9c4bbff685f9d0f2f2c091bdc6e1ac72d
                                                                                                  • Instruction Fuzzy Hash: 2571F475E002298FDB64CF69D844BDAB7B2FF89300F5082AAD909A7254DB305E85CF50
                                                                                                  Function 02FD3490 Relevance: 1.6, APIs: 1, Instructions: 108nativeCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 02FD354D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProtectVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 2706961497-0
                                                                                                  • Opcode ID: d37cf3a206b0855d45b5ba5f59ee20dd94eef27596b6edececc9d55cea563dc2
                                                                                                  • Instruction ID: 6326db669d8f7efddaf4bfa6df0ced32f2366ba2f0fbbd44e9c172457a8d44e3
                                                                                                  • Opcode Fuzzy Hash: d37cf3a206b0855d45b5ba5f59ee20dd94eef27596b6edececc9d55cea563dc2
                                                                                                  • Instruction Fuzzy Hash: 4B4196B9D052589FCF14CFAAD980ADEFBB1BB09310F14942AE915B7300D735A942CF69
                                                                                                  Function 02FD3498 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 02FD354D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProtectVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 2706961497-0
                                                                                                  • Opcode ID: 6755f3c0d866e5f8900b2f14e7e4f42cd9ef7652138b731cd930d51d64673e55
                                                                                                  • Instruction ID: e3bdbc1259ebc381d5e177002eb09041dd2a4d58c4f138d94080bc2937c9f225
                                                                                                  • Opcode Fuzzy Hash: 6755f3c0d866e5f8900b2f14e7e4f42cd9ef7652138b731cd930d51d64673e55
                                                                                                  • Instruction Fuzzy Hash: 244187B9D042589FCF14CFAAD980ADEFBB1BB09310F14942AE914B7300D735A941CF69
                                                                                                  Function 02FD5F61 Relevance: 1.6, APIs: 1, Instructions: 84nativethreadCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • NtResumeThread.NTDLL(?,?), ref: 02FD5FF6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ResumeThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 947044025-0
                                                                                                  • Opcode ID: 5ba901b932bb66c2c5bbbfd4c305a8155306396f764484a453148f0c1441c3bb
                                                                                                  • Instruction ID: 7e7fcd771eb38d22716160ba92e6f543233316616ae6c3b903debc3e336c1763
                                                                                                  • Opcode Fuzzy Hash: 5ba901b932bb66c2c5bbbfd4c305a8155306396f764484a453148f0c1441c3bb
                                                                                                  • Instruction Fuzzy Hash: B131DBB5D012189FCB20CFAAD980A9EFBF5BB48310F24842AE814B7200C735A941CFA4
                                                                                                  Function 02FD5F68 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • NtResumeThread.NTDLL(?,?), ref: 02FD5FF6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ResumeThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 947044025-0
                                                                                                  • Opcode ID: 07d47595e14e0c894ae159f4547f93a36eab50f930466ba87107b3ea1f54e8df
                                                                                                  • Instruction ID: 2e24d8a554678ece7622a5848b792fa738ea6a83313ded12294d4cf3f2ea59e4
                                                                                                  • Opcode Fuzzy Hash: 07d47595e14e0c894ae159f4547f93a36eab50f930466ba87107b3ea1f54e8df
                                                                                                  • Instruction Fuzzy Hash: A431CCB5D012189FCB14CFAAD984A9EFBF5BF48310F14942AE814B7300C735A945CF94
                                                                                                  Function 05BC0931 Relevance: .2, Instructions: 246COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b3a5d5fc7ff4a4a68525fe4e62d286bb341bc706b8da8f27bb1fecf375959b78
                                                                                                  • Instruction ID: a6458be5c0e1b349ab4430e9fb92d752c600f96baa85074df9d5fd704f9f0a8d
                                                                                                  • Opcode Fuzzy Hash: b3a5d5fc7ff4a4a68525fe4e62d286bb341bc706b8da8f27bb1fecf375959b78
                                                                                                  • Instruction Fuzzy Hash: 8AA1F374A45208CFDB14DF69E888BADBBF2FB49311F1080AAE819A7351DB746D85CF04
                                                                                                  Function 0179E3E0 Relevance: 6.6, Strings: 5, Instructions: 345COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 0 179e3e0-179e408 2 179e40e-179e412 0->2 3 179e4f4-179e519 0->3 4 179e414-179e420 2->4 5 179e426-179e42a 2->5 10 179e520-179e544 3->10 4->5 4->10 6 179e54b-179e570 5->6 7 179e430-179e447 5->7 26 179e577-179e5ca 6->26 18 179e449-179e455 7->18 19 179e45b-179e45f 7->19 10->6 18->19 18->26 20 179e48b-179e4a4 19->20 21 179e461-179e47a call 17901f4 19->21 34 179e4cd-179e4f1 20->34 35 179e4a6-179e4ca 20->35 21->20 33 179e47c-179e47f 21->33 43 179e5cc-179e5ec 26->43 44 179e602-179e627 26->44 39 179e488 33->39 39->20 51 179e62e-179e682 43->51 52 179e5ee-179e5ff 43->52 44->51 58 179e729-179e777 51->58 59 179e688-179e694 51->59 73 179e779-179e79d 58->73 74 179e7a7-179e7ad 58->74 62 179e69e-179e6b2 59->62 63 179e696-179e69d 59->63 66 179e721-179e728 62->66 67 179e6b4-179e6d9 62->67 79 179e6db-179e6f5 67->79 80 179e71c-179e71f 67->80 73->74 75 179e79f 73->75 76 179e7bf-179e7ce 74->76 77 179e7af-179e7bc 74->77 75->74 79->80 82 179e6f7-179e700 79->82 80->66 80->67 83 179e70f-179e71b 82->83 84 179e702-179e705 82->84 84->83
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (q$(q$(q$(q$(q
                                                                                                  • API String ID: 0-3203009404
                                                                                                  • Opcode ID: 7f1a70b93d072160b12ed40d07b77c13a45bbf5886f67b6e798b794ccbdcf261
                                                                                                  • Instruction ID: ccb7054374a9a1e66af1eb891d14212f54dd754e22502795ebe0abf0c1a0dc4c
                                                                                                  • Opcode Fuzzy Hash: 7f1a70b93d072160b12ed40d07b77c13a45bbf5886f67b6e798b794ccbdcf261
                                                                                                  • Instruction Fuzzy Hash: B0C1FF327042159FEB14DF68E844AAE7BA6EFC8710B28446AE905CB391CF35DC06C7E1
                                                                                                  Function 05BCCC6E Relevance: 3.8, Strings: 3, Instructions: 73COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 256 5bccc6e-5bcccec 278 5bcccef call 2fd5838 256->278 279 5bcccef call 2fd5830 256->279 261 5bcccf1-5bcccfe 262 5bccd04-5bccd23 261->262 263 5bcd1d7-5bcd1ef 261->263 264 5bccd29-5bccd34 262->264 265 5bcbe32-5bcbe3b 262->265 264->265 266 5bcbe3d 265->266 267 5bcbe44-5bccf04 265->267 268 5bcbdc7-5bcbdce 266->268 269 5bcbdd1-5bcbe1a 266->269 270 5bcc4c2-5bcc4f4 266->270 267->265 275 5bccf0a-5bccf15 267->275 269->265 277 5bcbe1c-5bcbe27 269->277 270->265 274 5bcc4fa-5bcc505 270->274 274->265 275->265 277->265 278->261 279->261
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +$9$=
                                                                                                  • API String ID: 0-3713639113
                                                                                                  • Opcode ID: 2fd3372c9489063695af7ef960ecf33fbc15862d3a28bd7b99eedfc4f8ae9651
                                                                                                  • Instruction ID: e0fca8004c49f336f7f433501c484fee41a3121f58ab13eaa79873c3abec1fba
                                                                                                  • Opcode Fuzzy Hash: 2fd3372c9489063695af7ef960ecf33fbc15862d3a28bd7b99eedfc4f8ae9651
                                                                                                  • Instruction Fuzzy Hash: 2E31BF74A01269CFDB61CF68D888BDCBBB2FB49315F5084EAD909A7240C7756E85CF14
                                                                                                  Function 05BCC89B Relevance: 3.8, Strings: 3, Instructions: 61COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 280 5bcc89b-5bcc8d0 301 5bcc8d6 call 2fd5e01 280->301 302 5bcc8d6 call 2fd5e10 280->302 285 5bcc8dc-5bcc8f8 303 5bcc8fb call 2fd5f68 285->303 304 5bcc8fb call 2fd5f61 285->304 286 5bcc8fd-5bcc92e 287 5bcc934-5bcc93f 286->287 288 5bcbe32-5bcbe3b 286->288 287->288 289 5bcbe3d 288->289 290 5bcbe44-5bccf04 288->290 291 5bcbdc7-5bcbdce 289->291 292 5bcbdd1-5bcbe1a 289->292 293 5bcc4c2-5bcc4f4 289->293 290->288 298 5bccf0a-5bccf15 290->298 292->288 300 5bcbe1c-5bcbe27 292->300 293->288 297 5bcc4fa-5bcc505 293->297 297->288 298->288 300->288 301->285 302->285 303->286 304->286
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +$,$D
                                                                                                  • API String ID: 0-4000123594
                                                                                                  • Opcode ID: 8487ca66c87ece1e6f47dc71cd6870a1ca9205f934a7feb60060c3903cca4e4c
                                                                                                  • Instruction ID: c57140bfb862250bdbcd0a0bd647b1793c57cdef8422e0ded4e869af6c67699d
                                                                                                  • Opcode Fuzzy Hash: 8487ca66c87ece1e6f47dc71cd6870a1ca9205f934a7feb60060c3903cca4e4c
                                                                                                  • Instruction Fuzzy Hash: 1A21D474A01259DFDB60DF58E989B9CBBB2FB49315F4084EAD509A7240C7356E81CF14
                                                                                                  Function 05BCC354 Relevance: 3.8, Strings: 3, Instructions: 59COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 305 5bcc354-5bcc35b 306 5bcc8c1-5bcc8d0 305->306 307 5bcc361-5bcc36c 305->307 327 5bcc8d6 call 2fd5e01 306->327 328 5bcc8d6 call 2fd5e10 306->328 308 5bcbe32-5bcbe3b 307->308 310 5bcbe3d 308->310 311 5bcbe44-5bccf04 308->311 312 5bcbdc7-5bcbdce 310->312 313 5bcbdd1-5bcbe1a 310->313 314 5bcc4c2-5bcc4f4 310->314 311->308 320 5bccf0a-5bccf15 311->320 313->308 323 5bcbe1c-5bcbe27 313->323 314->308 319 5bcc4fa-5bcc505 314->319 318 5bcc8dc-5bcc8f8 325 5bcc8fb call 2fd5f68 318->325 326 5bcc8fb call 2fd5f61 318->326 319->308 320->308 322 5bcc8fd-5bcc92e 322->308 324 5bcc934-5bcc93f 322->324 323->308 324->308 325->322 326->322 327->318 328->318
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +$,$D
                                                                                                  • API String ID: 0-4000123594
                                                                                                  • Opcode ID: d6cd677b31235f6b0ce9e382cff76a2dc650cdf77c298099eba267a80ff78d31
                                                                                                  • Instruction ID: 7e95a55923f9cf0ea0d896933a81da15f2158903528da0fdbd542fb2e2286c72
                                                                                                  • Opcode Fuzzy Hash: d6cd677b31235f6b0ce9e382cff76a2dc650cdf77c298099eba267a80ff78d31
                                                                                                  • Instruction Fuzzy Hash: E821B075A01259CFDB20CF58D988BEDBBB2FB49315F4084EAD509A7240C7356E85CF04
                                                                                                  Function 0179FAD0 Relevance: 2.8, Strings: 2, Instructions: 341COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 422 179fad0-179fae2 423 179fb0c-179fb10 422->423 424 179fae4-179fb05 422->424 425 179fb1c-179fb2b 423->425 426 179fb12-179fb14 423->426 424->423 428 179fb2d 425->428 429 179fb37-179fb63 425->429 426->425 428->429 432 179fb69-179fb6f 429->432 433 179fd90-179fdd7 429->433 434 179fc41-179fc45 432->434 435 179fb75-179fb7b 432->435 464 179fdd9 433->464 465 179fded-179fdf9 433->465 438 179fc68-179fc71 434->438 439 179fc47-179fc50 434->439 435->433 437 179fb81-179fb8e 435->437 441 179fc20-179fc29 437->441 442 179fb94-179fb9d 437->442 444 179fc73-179fc93 438->444 445 179fc96-179fc99 438->445 439->433 443 179fc56-179fc66 439->443 441->433 446 179fc2f-179fc3b 441->446 442->433 447 179fba3-179fbbb 442->447 448 179fc9c-179fca2 443->448 444->445 445->448 446->434 446->435 450 179fbbd 447->450 451 179fbc7-179fbd9 447->451 448->433 453 179fca8-179fcbb 448->453 450->451 451->441 460 179fbdb-179fbe1 451->460 453->433 455 179fcc1-179fcd1 453->455 455->433 458 179fcd7-179fce4 455->458 458->433 459 179fcea-179fcff 458->459 459->433 473 179fd05-179fd28 459->473 462 179fbed-179fbf3 460->462 463 179fbe3 460->463 462->433 470 179fbf9-179fc1d 462->470 463->462 466 179fddc-179fdde 464->466 468 179fdfb 465->468 469 179fe05-179fe21 465->469 471 179fde0-179fdeb 466->471 472 179fe22-179fe4f 466->472 468->469 471->465 471->466 485 179fe51-179fe57 472->485 486 179fe67-179fe6b call 179fee8 472->486 473->433 478 179fd2a-179fd35 473->478 480 179fd37-179fd41 478->480 481 179fd86-179fd8d 478->481 480->481 487 179fd43-179fd59 480->487 488 179fe59 485->488 489 179fe5b-179fe5d 485->489 490 179fe71-179fe75 486->490 494 179fd5b 487->494 495 179fd65-179fd7e 487->495 488->486 489->486 492 179fec0-179fed0 490->492 493 179fe77-179fe8e 490->493 493->492 501 179fe90-179fe9a 493->501 494->495 495->481 503 179fead-179febd 501->503 504 179fe9c-179feab 501->504 504->503
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (q$d
                                                                                                  • API String ID: 0-1617062230
                                                                                                  • Opcode ID: d736baf673b7c0f1638606bdd6e30b7f3f579b9c83e2f524ecc3696749bdf294
                                                                                                  • Instruction ID: c9fc284bf3fd35e62fd04597ae25fdc524d2dda19e555cb5c2c2526441d74475
                                                                                                  • Opcode Fuzzy Hash: d736baf673b7c0f1638606bdd6e30b7f3f579b9c83e2f524ecc3696749bdf294
                                                                                                  • Instruction Fuzzy Hash: C6D17D356006068FCB25DF28D4949AABBF2FF88310B19C969D55ACB756DB30FC46CB90
                                                                                                  Function 05BCCDB5 Relevance: 2.6, Strings: 2, Instructions: 83COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 671 5bccdb5-5bccdc4 698 5bccdca call 2fd56d8 671->698 699 5bccdca call 2fd56c8 671->699 673 5bccdd0-5bcce63 696 5bcce66 call 2fd5838 673->696 697 5bcce66 call 2fd5830 673->697 678 5bcce68-5bcce75 679 5bcd1fe-5bcd237 678->679 680 5bcce7b-5bcce82 678->680 682 5bcd23d-5bcd248 679->682 683 5bcbe32-5bcbe3b 679->683 680->679 682->683 684 5bcbe3d 683->684 685 5bcbe44-5bccf04 683->685 686 5bcbdc7-5bcbdce 684->686 687 5bcbdd1-5bcbe1a 684->687 688 5bcc4c2-5bcc4f4 684->688 685->683 693 5bccf0a-5bccf15 685->693 687->683 695 5bcbe1c-5bcbe27 687->695 688->683 692 5bcc4fa-5bcc505 688->692 692->683 693->683 695->683 696->678 697->678 698->673 699->673
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ($+
                                                                                                  • API String ID: 0-2487998124
                                                                                                  • Opcode ID: d54c67c14221b88e26d9028bc37afca3ef930543dd9340e898b39e1f50051f1f
                                                                                                  • Instruction ID: b34455508c27721f20a0bce73662579edafd2e647ec9c0c68fcef19206cb4269
                                                                                                  • Opcode Fuzzy Hash: d54c67c14221b88e26d9028bc37afca3ef930543dd9340e898b39e1f50051f1f
                                                                                                  • Instruction Fuzzy Hash: E4419074A05259CFDB60DF58D948BEDBBB2FB49315F4080EAD509AB240C7755E85CF04
                                                                                                  Function 05BCC07C Relevance: 2.6, Strings: 2, Instructions: 54COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 700 5bcc07c-5bcc0a0 717 5bcc0a6 call 5bcd680 700->717 718 5bcc0a6 call 5bcd670 700->718 702 5bcc0ac-5bcc0e9 703 5bcc0ef-5bcc0fa 702->703 704 5bcbe32-5bcbe3b 702->704 703->704 705 5bcbe3d 704->705 706 5bcbe44-5bccf04 704->706 707 5bcbdc7-5bcbdce 705->707 708 5bcbdd1-5bcbe1a 705->708 709 5bcc4c2-5bcc4f4 705->709 706->704 714 5bccf0a-5bccf15 706->714 708->704 716 5bcbe1c-5bcbe27 708->716 709->704 713 5bcc4fa-5bcc505 709->713 713->704 714->704 716->704 717->702 718->702
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +$/
                                                                                                  • API String ID: 0-2439032044
                                                                                                  • Opcode ID: 04a9a609ec4c80515b0d9815188ef758312fdbda7309c89a81ba02d7dbaf589e
                                                                                                  • Instruction ID: a7032b56389c2e4424841182022aa169caf48c61b64bbaee0ef3915f2b526430
                                                                                                  • Opcode Fuzzy Hash: 04a9a609ec4c80515b0d9815188ef758312fdbda7309c89a81ba02d7dbaf589e
                                                                                                  • Instruction Fuzzy Hash: AC21F735A4025ADFCB21CF98D848BDDBBB1FB49315F0085EAE909B7250C7756A85CF44
                                                                                                  Function 02FD44BC Relevance: 1.8, APIs: 1, Instructions: 264processCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 719 2fd44bc-2fd455a 722 2fd455c-2fd4573 719->722 723 2fd45a3-2fd45cb 719->723 722->723 728 2fd4575-2fd457a 722->728 726 2fd45cd-2fd45e1 723->726 727 2fd4611-2fd4667 723->727 726->727 735 2fd45e3-2fd45e8 726->735 737 2fd46ad-2fd4742 CreateProcessA 727->737 738 2fd4669-2fd467d 727->738 729 2fd459d-2fd45a0 728->729 730 2fd457c-2fd4586 728->730 729->723 732 2fd4588 730->732 733 2fd458a-2fd4599 730->733 732->733 733->733 736 2fd459b 733->736 739 2fd460b-2fd460e 735->739 740 2fd45ea-2fd45f4 735->740 736->729 752 2fd474b-2fd47c1 737->752 753 2fd4744-2fd474a 737->753 738->737 746 2fd467f-2fd4684 738->746 739->727 741 2fd45f8-2fd4607 740->741 742 2fd45f6 740->742 741->741 745 2fd4609 741->745 742->741 745->739 747 2fd46a7-2fd46aa 746->747 748 2fd4686-2fd4690 746->748 747->737 750 2fd4694-2fd46a3 748->750 751 2fd4692 748->751 750->750 754 2fd46a5 750->754 751->750 759 2fd47d1-2fd47d5 752->759 760 2fd47c3-2fd47c7 752->760 753->752 754->747 762 2fd47e5-2fd47e9 759->762 763 2fd47d7-2fd47db 759->763 760->759 761 2fd47c9 760->761 761->759 765 2fd47f9 762->765 766 2fd47eb-2fd47ef 762->766 763->762 764 2fd47dd 763->764 764->762 768 2fd47fa 765->768 766->765 767 2fd47f1 766->767 767->765 768->768
                                                                                                  APIs
                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02FD472F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 963392458-0
                                                                                                  • Opcode ID: c2b807195aa45277e3ff8843b2b81b5db9ce6fb2edbe59bd1f85ebd445ffc061
                                                                                                  • Instruction ID: 1670bcacbae716a1a05268520124079923e6c288e2f8d91790854c375a6fbe29
                                                                                                  • Opcode Fuzzy Hash: c2b807195aa45277e3ff8843b2b81b5db9ce6fb2edbe59bd1f85ebd445ffc061
                                                                                                  • Instruction Fuzzy Hash: 79A102B5D0021C8FDB10CFA9C845BEEBBF2BF09344F149169E859A7280DB749985CF55
                                                                                                  Function 02FD44C8 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 769 2fd44c8-2fd455a 771 2fd455c-2fd4573 769->771 772 2fd45a3-2fd45cb 769->772 771->772 777 2fd4575-2fd457a 771->777 775 2fd45cd-2fd45e1 772->775 776 2fd4611-2fd4667 772->776 775->776 784 2fd45e3-2fd45e8 775->784 786 2fd46ad-2fd4742 CreateProcessA 776->786 787 2fd4669-2fd467d 776->787 778 2fd459d-2fd45a0 777->778 779 2fd457c-2fd4586 777->779 778->772 781 2fd4588 779->781 782 2fd458a-2fd4599 779->782 781->782 782->782 785 2fd459b 782->785 788 2fd460b-2fd460e 784->788 789 2fd45ea-2fd45f4 784->789 785->778 801 2fd474b-2fd47c1 786->801 802 2fd4744-2fd474a 786->802 787->786 795 2fd467f-2fd4684 787->795 788->776 790 2fd45f8-2fd4607 789->790 791 2fd45f6 789->791 790->790 794 2fd4609 790->794 791->790 794->788 796 2fd46a7-2fd46aa 795->796 797 2fd4686-2fd4690 795->797 796->786 799 2fd4694-2fd46a3 797->799 800 2fd4692 797->800 799->799 803 2fd46a5 799->803 800->799 808 2fd47d1-2fd47d5 801->808 809 2fd47c3-2fd47c7 801->809 802->801 803->796 811 2fd47e5-2fd47e9 808->811 812 2fd47d7-2fd47db 808->812 809->808 810 2fd47c9 809->810 810->808 814 2fd47f9 811->814 815 2fd47eb-2fd47ef 811->815 812->811 813 2fd47dd 812->813 813->811 817 2fd47fa 814->817 815->814 816 2fd47f1 815->816 816->814 817->817
                                                                                                  APIs
                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02FD472F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 963392458-0
                                                                                                  • Opcode ID: 6363e5d57a74b7beb98e94b8ef2a8e7369d5232e070ba003c2ed26c8a706d885
                                                                                                  • Instruction ID: bb18db32a5540188318892f45b7a6c4af45a5c38904dc627888f759967d971d9
                                                                                                  • Opcode Fuzzy Hash: 6363e5d57a74b7beb98e94b8ef2a8e7369d5232e070ba003c2ed26c8a706d885
                                                                                                  • Instruction Fuzzy Hash: 8FA1F1B5D0021C8FDB20CFA9C885BEEBBF2BF09344F149169E859A7280DB749985CF55
                                                                                                  Function 02FD5830 Relevance: 1.6, APIs: 1, Instructions: 119injectionCOMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 818 2fd5830-2fd58a3 821 2fd58ba-2fd591b WriteProcessMemory 818->821 822 2fd58a5-2fd58b7 818->822 824 2fd591d-2fd5923 821->824 825 2fd5924-2fd5976 821->825 822->821 824->825
                                                                                                  APIs
                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02FD590B
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessWrite
                                                                                                  • String ID:
                                                                                                  • API String ID: 3559483778-0
                                                                                                  • Opcode ID: c12b9d63db9bb2d87d2d754f5d6203e7e12d473bdded062ac9aa8eeff0d26e70
                                                                                                  • Instruction ID: 900f25d2adfad21d19f2de0377adc7c46aad68ac41e0d89c978f027815ebe081
                                                                                                  • Opcode Fuzzy Hash: c12b9d63db9bb2d87d2d754f5d6203e7e12d473bdded062ac9aa8eeff0d26e70
                                                                                                  • Instruction Fuzzy Hash: 6641ABB5D012589FDF10CFA9D984ADEFBF1BB09314F14942AE818B7200D735AA45CF64
                                                                                                  Function 02FD5838 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02FD590B
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessWrite
                                                                                                  • String ID:
                                                                                                  • API String ID: 3559483778-0
                                                                                                  • Opcode ID: 7de4b2e04ec4377c9de67d5a8eb335f9ce5dbb83e3d967068085846033b30ad1
                                                                                                  • Instruction ID: 03c8feae794c5486a035231a362ec470a0bbf837db95f6ad0176fa40146689e0
                                                                                                  • Opcode Fuzzy Hash: 7de4b2e04ec4377c9de67d5a8eb335f9ce5dbb83e3d967068085846033b30ad1
                                                                                                  • Instruction Fuzzy Hash: 5841BCB5D012589FDF10CFA9D980ADEFBF1BB09314F14902AE814B7200D735A945CF64
                                                                                                  Function 02FD54D0 Relevance: 1.6, APIs: 1, Instructions: 104memoryCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02FD5582
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 4275171209-0
                                                                                                  • Opcode ID: 1012cdfd7c628e489156097ff4f78e5ab3f4b520a00d1c666fb92d825f705c84
                                                                                                  • Instruction ID: f927d6f1bba07e417fbb06755e041c69c395234db8ae2a2d9a4bcca4cd0c1572
                                                                                                  • Opcode Fuzzy Hash: 1012cdfd7c628e489156097ff4f78e5ab3f4b520a00d1c666fb92d825f705c84
                                                                                                  • Instruction Fuzzy Hash: 0631B8B9D052589FCF14CFA9D980ADEFBB1BB09310F14942AE815BB300D735A941CF69
                                                                                                  Function 02FD54D8 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02FD5582
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 4275171209-0
                                                                                                  • Opcode ID: 320e29cffb687fbde9f354f1e54063a6b455bdc6f37da5864d78995d48e9040d
                                                                                                  • Instruction ID: 004cd06329506420a8c82a6c3f5320cb50d71bb857bc533ccbc35e73ebb988dc
                                                                                                  • Opcode Fuzzy Hash: 320e29cffb687fbde9f354f1e54063a6b455bdc6f37da5864d78995d48e9040d
                                                                                                  • Instruction Fuzzy Hash: 0F3197B9D042589FCF14CFA9D980A9EFBB1BB09314F14942AE815BB300D735A941CF68
                                                                                                  Function 02FD4DC9 Relevance: 1.6, APIs: 1, Instructions: 95threadCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • Wow64SetThreadContext.KERNEL32(?,?), ref: 02FD4E7F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ContextThreadWow64
                                                                                                  • String ID:
                                                                                                  • API String ID: 983334009-0
                                                                                                  • Opcode ID: 6b6c612369dcc0be79204ecd85022ec22ed08b4676133c23971b54554d6f3c82
                                                                                                  • Instruction ID: f60896bab8ff40529878f772840db9aba58c5cfbab1f6622da6dbab4a26d08f9
                                                                                                  • Opcode Fuzzy Hash: 6b6c612369dcc0be79204ecd85022ec22ed08b4676133c23971b54554d6f3c82
                                                                                                  • Instruction Fuzzy Hash: BE41CBB5D012589FDB14CFAAD884AEEFBF1BF48314F14802AE419B7240C778A945CFA4
                                                                                                  Function 02FD4DD0 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • Wow64SetThreadContext.KERNEL32(?,?), ref: 02FD4E7F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ContextThreadWow64
                                                                                                  • String ID:
                                                                                                  • API String ID: 983334009-0
                                                                                                  • Opcode ID: e4c096f5d739353158cb2802a55c2aeecb2ca70d0c4d2f8f085e6dccf8b7e262
                                                                                                  • Instruction ID: 3ba6b55ed137a6fb0355bfe338def50238179d21315b25da74480687b0439a3c
                                                                                                  • Opcode Fuzzy Hash: e4c096f5d739353158cb2802a55c2aeecb2ca70d0c4d2f8f085e6dccf8b7e262
                                                                                                  • Instruction Fuzzy Hash: 5831ABB5D012589FDB14CFAAD984AEEFBF1BF48314F14802AE418B7240D779A945CFA4
                                                                                                  Function 05BC76F4 Relevance: 1.5, Strings: 1, Instructions: 252COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LRq
                                                                                                  • API String ID: 0-3187445251
                                                                                                  • Opcode ID: a9a190d4ef014f9d18d435d4901d3af48b42bfd6061aaba4a79a001da4153022
                                                                                                  • Instruction ID: 72762807359489b311a7fd9f8d566b999dff4203f4121693e2285d1e1b439b42
                                                                                                  • Opcode Fuzzy Hash: a9a190d4ef014f9d18d435d4901d3af48b42bfd6061aaba4a79a001da4153022
                                                                                                  • Instruction Fuzzy Hash: 61B1CF74A45218CFDB14CFA9D884BADBBF2FB49315F1081AED409A7251DB746D85CF08
                                                                                                  Function 06C10347 Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: T
                                                                                                  • API String ID: 0-3187964512
                                                                                                  • Opcode ID: ced22e86893c943a864dd98c8af46fae7c144ed2a23c2a3b22aae3b325e0fecb
                                                                                                  • Instruction ID: abed7f1f8f3f268b1c3e17cc7b5fb0c60b21b4f6b89f1c89bec20449dc2d9636
                                                                                                  • Opcode Fuzzy Hash: ced22e86893c943a864dd98c8af46fae7c144ed2a23c2a3b22aae3b325e0fecb
                                                                                                  • Instruction Fuzzy Hash: 6E41F674E09219CFCB64DF58C994AA9BBF1FF49301F1044EAD509AB345C738AE818F15
                                                                                                  Function 05BCF008 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ILuV
                                                                                                  • API String ID: 0-1855505789
                                                                                                  • Opcode ID: e60d5545cbe5ac6e1a89ec4282b6673067256a83630e1df84e16dd8bf58d7e56
                                                                                                  • Instruction ID: 6eaca68ae9ba818cce3d69dd658ffcf5b12c9fbba0277511b7cf84765d15f724
                                                                                                  • Opcode Fuzzy Hash: e60d5545cbe5ac6e1a89ec4282b6673067256a83630e1df84e16dd8bf58d7e56
                                                                                                  • Instruction Fuzzy Hash: E3211770E04209DFDB44CFA9E844ABEBBF2EB88711F1084A9D419A7250E774AA41CF54
                                                                                                  Function 05BCF018 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ILuV
                                                                                                  • API String ID: 0-1855505789
                                                                                                  • Opcode ID: 5319d3207ec03cb51ef4a3110ba7aff3b8699bcb5917fa6f56c998fb0f031317
                                                                                                  • Instruction ID: fc13e678f25b6abf7732c3afee5befde22370a7bc3d9f8c08956e870c2f59072
                                                                                                  • Opcode Fuzzy Hash: 5319d3207ec03cb51ef4a3110ba7aff3b8699bcb5917fa6f56c998fb0f031317
                                                                                                  • Instruction Fuzzy Hash: FC211970E04209DFDB44CFA9D845ABEBBF2EB88711F1084E9D419A7250E775AA41CF98
                                                                                                  Function 05BCC716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +
                                                                                                  • API String ID: 0-2126386893
                                                                                                  • Opcode ID: af9e9df4fedd94e1053fc7c1757f1bad4622e9a81afa44b19adebcbf348eee7f
                                                                                                  • Instruction ID: 60a7a7ad1822452dbbc01912ee7941a6eacaa5f403be8168a4e2b7f09fd5dbfa
                                                                                                  • Opcode Fuzzy Hash: af9e9df4fedd94e1053fc7c1757f1bad4622e9a81afa44b19adebcbf348eee7f
                                                                                                  • Instruction Fuzzy Hash: 2531AD74A01259CFDB64DF68D889BDDBBB2FB89301F4040EADA09A7250CB356E80CF04
                                                                                                  Function 05BCD1BD Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +
                                                                                                  • API String ID: 0-2126386893
                                                                                                  • Opcode ID: d03aae4323445a2cdd6b9a2c23f766a0d9ce6bcc53b809b3f1d1515346b8a87f
                                                                                                  • Instruction ID: 59d820288b278c7808668e2bc5633f7a2581bd447446707b48d63c31b8c6ed3c
                                                                                                  • Opcode Fuzzy Hash: d03aae4323445a2cdd6b9a2c23f766a0d9ce6bcc53b809b3f1d1515346b8a87f
                                                                                                  • Instruction Fuzzy Hash: 7C31AD74A41258CFDB60CF58D889BDDBBB2FB49315F4044EADA09A7250C7746E84CF04
                                                                                                  Function 05BCBF4B Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +
                                                                                                  • API String ID: 0-2126386893
                                                                                                  • Opcode ID: 120a218ebf4a40eb24ca096772c259a9d9eee907cb883f797193d97acbb263f7
                                                                                                  • Instruction ID: 2fae54e82b0f8fc03dfcd733f16ec4eb72b3e629a0dce5269ebb48271d1acffb
                                                                                                  • Opcode Fuzzy Hash: 120a218ebf4a40eb24ca096772c259a9d9eee907cb883f797193d97acbb263f7
                                                                                                  • Instruction Fuzzy Hash: 2C319B74A01258CFDB60CF58D889BDDBBB2FB49315F4040EAEA09A7250C7756E81CF04
                                                                                                  Function 05BCC543 Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: !
                                                                                                  • API String ID: 0-2657877971
                                                                                                  • Opcode ID: e9b5ed60991fa1af952bb8973b4cfb874b66bf7d4f7ebc62511b0103d1a390d7
                                                                                                  • Instruction ID: c2ccc08bb8173eb03e6611c90786c915c82f9a0299ab02810a63668e77a6c0c3
                                                                                                  • Opcode Fuzzy Hash: e9b5ed60991fa1af952bb8973b4cfb874b66bf7d4f7ebc62511b0103d1a390d7
                                                                                                  • Instruction Fuzzy Hash: 3221E674A00259CFDB50DFA8DC88BEDBBB2FB89306F4080D99519AB380DA345E81DF00
                                                                                                  Function 05BCCAA5 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: A
                                                                                                  • API String ID: 0-3554254475
                                                                                                  • Opcode ID: 56141a423dbec5b579712cb48e6beaf7619f4e2ff53b5c35a8cedcaf15db004f
                                                                                                  • Instruction ID: 534258cf0fb5b54ce9f597961476d486476e392192d8f4349b21c1e301c77052
                                                                                                  • Opcode Fuzzy Hash: 56141a423dbec5b579712cb48e6beaf7619f4e2ff53b5c35a8cedcaf15db004f
                                                                                                  • Instruction Fuzzy Hash: F811DD74A002198FDB50DF68DC987EEBBB2FB89305F1080E99519A7385CB745E81DF40
                                                                                                  Function 06C10445 Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 5
                                                                                                  • API String ID: 0-2226203566
                                                                                                  • Opcode ID: 1ba057a330179e42365ddd4b9e549e570a7b3023a265124ad493c3a2ddfab4ed
                                                                                                  • Instruction ID: 2cceb838ae243a789a25b8309257c8d0e83be5fa125c197de1d16cf5cf4de011
                                                                                                  • Opcode Fuzzy Hash: 1ba057a330179e42365ddd4b9e549e570a7b3023a265124ad493c3a2ddfab4ed
                                                                                                  • Instruction Fuzzy Hash: C511C978B062198FCB65DF58D884A9AB7F2FB89700F1091D9994DA3748CA389F81CF51
                                                                                                  Function 06C10EA3 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 6
                                                                                                  • API String ID: 0-498629140
                                                                                                  • Opcode ID: 256820f198e4d483ecf2a1326c090b176c7b39f3907136f6c147450def904dc1
                                                                                                  • Instruction ID: 0f4b5c74a92c6b1de5e0701ad225538910019bf30dce638862773f551822d0f0
                                                                                                  • Opcode Fuzzy Hash: 256820f198e4d483ecf2a1326c090b176c7b39f3907136f6c147450def904dc1
                                                                                                  • Instruction Fuzzy Hash: 5FF01774B051198FD765DF68D898A9AB7B2FB89614F1040D9A51DA7384CB389E828F10
                                                                                                  Function 05BC9A80 Relevance: .3, Instructions: 317COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bd62bcba374b32526a1783b5a7cc31959e37a008edcdaf42a209e1ac1c7ccbd9
                                                                                                  • Instruction ID: 6761f70c882fad64e3b22d1720e8a7624829e2b2c997732ba4fc282bcdd57f67
                                                                                                  • Opcode Fuzzy Hash: bd62bcba374b32526a1783b5a7cc31959e37a008edcdaf42a209e1ac1c7ccbd9
                                                                                                  • Instruction Fuzzy Hash: 79E10374A01218DFDB54DF69E884BADBBB2FB89301F1080E9E419A7790DB346E85CF14
                                                                                                  Function 05BC9A70 Relevance: .3, Instructions: 306COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 92e49b9e1c60c093b9bf9e5babd64d564d4e455d07da79f06372e3d30eb628aa
                                                                                                  • Instruction ID: da3478a7913ab75e061600d818a9e5df084b929bb0e51373423124ccce5a754d
                                                                                                  • Opcode Fuzzy Hash: 92e49b9e1c60c093b9bf9e5babd64d564d4e455d07da79f06372e3d30eb628aa
                                                                                                  • Instruction Fuzzy Hash: 4BE1F474A01218DFDB54DF69E884BADBBB2FB89301F1080E9E419A7790DB346E85CF54
                                                                                                  Function 05BC9BA8 Relevance: .3, Instructions: 292COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 53a75b49321c62a9269f1ea8e823d5b0ba3767dc4a57ccd80860c20c16179963
                                                                                                  • Instruction ID: 9df38e67aa085776e76423029ba4182873730168b73f29a0950fab8bea140fe0
                                                                                                  • Opcode Fuzzy Hash: 53a75b49321c62a9269f1ea8e823d5b0ba3767dc4a57ccd80860c20c16179963
                                                                                                  • Instruction Fuzzy Hash: B8D1F474A05219DFDB54DF68E884BADBBB2FB89301F1080E9E409A7790DB346E85CF14
                                                                                                  Function 05BC9C69 Relevance: .3, Instructions: 277COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d0d9a20b20f853a391c2b74b44e27738cc651fb48a06ccff4fb272c1b5ebbe65
                                                                                                  • Instruction ID: c85da72af212ec046242cc55f39e78537fb57bc3e4bb116b3f111d77eaa1dbd6
                                                                                                  • Opcode Fuzzy Hash: d0d9a20b20f853a391c2b74b44e27738cc651fb48a06ccff4fb272c1b5ebbe65
                                                                                                  • Instruction Fuzzy Hash: E7D1F674A01218DFDB54DF68E884BADBBB2FB89301F1080E9E419A7790DB346E85CF54
                                                                                                  Function 05BCA975 Relevance: .3, Instructions: 261COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8d7423d0e0d373bd7ac6e6a6ef33f1ed1e5c45f3b8893fce5f0b2fcc172ead4e
                                                                                                  • Instruction ID: 7af163f04d789905078b6cc3fb348ea4905611428ebc086e233a6d64183708fe
                                                                                                  • Opcode Fuzzy Hash: 8d7423d0e0d373bd7ac6e6a6ef33f1ed1e5c45f3b8893fce5f0b2fcc172ead4e
                                                                                                  • Instruction Fuzzy Hash: 39C1E570A16218CFDB54DF69D884BADBBB2FB89301F1080E9D409A7390DB346E82CF44
                                                                                                  Function 0179ECB0 Relevance: .2, Instructions: 208COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5271fba388e5267d6d263cb696f95d602e3ff93c2a3ea98f16c17e6debf3dd9e
                                                                                                  • Instruction ID: b6e866fe1007ea5cc11c07433b21f3446624d019c85d1d94300f0d1ddc6d2802
                                                                                                  • Opcode Fuzzy Hash: 5271fba388e5267d6d263cb696f95d602e3ff93c2a3ea98f16c17e6debf3dd9e
                                                                                                  • Instruction Fuzzy Hash: F3812A35A00618CFDB24DF69D484A9EB7F6FF88710F1581A9E9069B360DB30ED46CB90
                                                                                                  Function 05BC545A Relevance: .2, Instructions: 207COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bc72c24b8fa2dd838628d39d964cada5ff5116c2d46299b58c65a45727896fd8
                                                                                                  • Instruction ID: ae55ab7a566454edd7c1fb65f01f27fc64f123a17422db1b26d88860cf62e097
                                                                                                  • Opcode Fuzzy Hash: bc72c24b8fa2dd838628d39d964cada5ff5116c2d46299b58c65a45727896fd8
                                                                                                  • Instruction Fuzzy Hash: 9CA1E570A05219CFDB24DF18D898BEEBBB2FB49315F1080E9D809A7794CB746E858F54
                                                                                                  Function 05BC5099 Relevance: .2, Instructions: 206COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9717eba0a87caf3934c3c2f56d3f0480faf10f2881d9bc0f877590ab06b65fe5
                                                                                                  • Instruction ID: de830faf40c4cc4750ec73d5ed07879a75c0c2087a086777a9bb53fe47ec3169
                                                                                                  • Opcode Fuzzy Hash: 9717eba0a87caf3934c3c2f56d3f0480faf10f2881d9bc0f877590ab06b65fe5
                                                                                                  • Instruction Fuzzy Hash: 92A10570A05219CFDB65DF18D898BEEBBB2FB49315F1080E9D809A7384CB746E858F44
                                                                                                  Function 05BC8338 Relevance: .2, Instructions: 206COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bb92f50ac06b232393151f67728d24a364b33bdab66527e42881996c61fa1bb7
                                                                                                  • Instruction ID: aa19b72d11b165eafa2a9c5e913006b9de4aec3f53a5d8a72c5fbbbc6ef98029
                                                                                                  • Opcode Fuzzy Hash: bb92f50ac06b232393151f67728d24a364b33bdab66527e42881996c61fa1bb7
                                                                                                  • Instruction Fuzzy Hash: D7910474E05218CFDB50CFA9D884BADBBF2FB88315F1090E9E409A7651DB386985CF58
                                                                                                  Function 05BC8328 Relevance: .2, Instructions: 206COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7b1a2577f6828b504d3dcea21c3ce13763d3a066666a5b5e8427389514bc7a79
                                                                                                  • Instruction ID: 795de8b17c5903db8db061a67f8f50fcc2721a77a7a14b875757705eb67a6adc
                                                                                                  • Opcode Fuzzy Hash: 7b1a2577f6828b504d3dcea21c3ce13763d3a066666a5b5e8427389514bc7a79
                                                                                                  • Instruction Fuzzy Hash: 4091F474E05218CFDB50CFA9D884BADBBF2FB88315F1090A9E409A7751DB786985CF48
                                                                                                  Function 05BC5218 Relevance: .2, Instructions: 205COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f454bcdadd9207856002dd0a06586d281521ca298897cf2bc507e77e02ed13e0
                                                                                                  • Instruction ID: 868dc3b6985bd69043cb14e37c2ed79422bb9326e52fc3b431dd619f618072c8
                                                                                                  • Opcode Fuzzy Hash: f454bcdadd9207856002dd0a06586d281521ca298897cf2bc507e77e02ed13e0
                                                                                                  • Instruction Fuzzy Hash: 02A1E574A01219CFDB65DF18D898BEEBBB2FB49315F1080E9D809A7754CB746E818F44
                                                                                                  Function 05BC5945 Relevance: .2, Instructions: 197COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 16e3d1384e68738ef5496fd2dd03be8e75818e911b6623c98bdbbe9ac6e8eedd
                                                                                                  • Instruction ID: 5f905eac1a22fa94acbf7e575167c02a87f65360355553178f6b7025c8e5bced
                                                                                                  • Opcode Fuzzy Hash: 16e3d1384e68738ef5496fd2dd03be8e75818e911b6623c98bdbbe9ac6e8eedd
                                                                                                  • Instruction Fuzzy Hash: 6C911774A05219CFDB65DF18D898BEEBBB2FB49315F1080E9D809A7784CB745E818F44
                                                                                                  Function 05BC563D Relevance: .2, Instructions: 189COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3ec7ee7698dae66f9411965c6e0c4e22b8e5d703a019d6448ff8f16b5601c039
                                                                                                  • Instruction ID: 431376c4b5a3abd8b189c18455e35522561451f0120d43d519cf63eb2b69b6bf
                                                                                                  • Opcode Fuzzy Hash: 3ec7ee7698dae66f9411965c6e0c4e22b8e5d703a019d6448ff8f16b5601c039
                                                                                                  • Instruction Fuzzy Hash: 99910470A05219CFDB65DF18D898BEEBBB2FB49315F1080E9D809A7654CB746E818F44
                                                                                                  Function 05BC5343 Relevance: .2, Instructions: 182COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 290c117d8a21ca60277afc84de5e333a4ec515182207cd5fadfc7027cddbc501
                                                                                                  • Instruction ID: af67a74f3786da28e6a40e545ffdaf973b8bb0d2c6f7f3b2193db2209322c94f
                                                                                                  • Opcode Fuzzy Hash: 290c117d8a21ca60277afc84de5e333a4ec515182207cd5fadfc7027cddbc501
                                                                                                  • Instruction Fuzzy Hash: 6591E370A05219CFDB64DF18D898BEEBBB2FB49315F1080E9D809A7694CB746E81CF54
                                                                                                  Function 05BC5830 Relevance: .2, Instructions: 179COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6527f80006eee7c4a777d22dfd330143acbe9082f6a09636c2d2cdd47985497b
                                                                                                  • Instruction ID: 2acbdf2eb75b6892af9084a9f376b787ec9af9b277cb9518ae4246cd654ef451
                                                                                                  • Opcode Fuzzy Hash: 6527f80006eee7c4a777d22dfd330143acbe9082f6a09636c2d2cdd47985497b
                                                                                                  • Instruction Fuzzy Hash: 39810570A05219CFDB25DF19D898BEEBBB2FB49315F1080E9D809A7794CB346E818F44
                                                                                                  Function 05BC57A4 Relevance: .2, Instructions: 177COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8f5a1a29283f7fdc9ba981959400a8bef4239ba4cc48d6d1d899cb506ab3f278
                                                                                                  • Instruction ID: cbdf0850a8ac88d5e7d3b48da3623cd071f196a0f7e28c405a0e3ce4bdcf1717
                                                                                                  • Opcode Fuzzy Hash: 8f5a1a29283f7fdc9ba981959400a8bef4239ba4cc48d6d1d899cb506ab3f278
                                                                                                  • Instruction Fuzzy Hash: B5810570A05219CFDB24DF18D898BAEBBF2FB49315F1080E9D809A7644CB746E81CF44
                                                                                                  Function 05BC518B Relevance: .2, Instructions: 177COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a6528c84a84747c963074e787356f0d66cccee9f812d4594a555d7b266cbd849
                                                                                                  • Instruction ID: e185caf92384fbfeab1e9e1f087934fb47eb1b832a3de750c87f91b228fbee2c
                                                                                                  • Opcode Fuzzy Hash: a6528c84a84747c963074e787356f0d66cccee9f812d4594a555d7b266cbd849
                                                                                                  • Instruction Fuzzy Hash: 3681F670A05219CFDB64DF19D898BEEBBB2FB49315F1080E9D809A7784CB746E818F54
                                                                                                  Function 05BC50FD Relevance: .2, Instructions: 177COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 73e6d65ead5900fc65c22e4670ab39f090c669cab9ca97563579e65de4f8d75f
                                                                                                  • Instruction ID: 56c2de558082a0732896df7c80c1df4156bd7691654ff330133406bedf55a313
                                                                                                  • Opcode Fuzzy Hash: 73e6d65ead5900fc65c22e4670ab39f090c669cab9ca97563579e65de4f8d75f
                                                                                                  • Instruction Fuzzy Hash: 7981F470A05219CFDB24DF18D898BEEBBB2FB49315F1080E9D809A7684CB746E818F44
                                                                                                  Function 05BC4CAC Relevance: .2, Instructions: 171COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 803384d36685db345c9d2df6bbe46ebeca907a2abaf7d8885a76ed97759ef674
                                                                                                  • Instruction ID: 12f6a2f5e69f51a20f1ac39aa197bd389a2a81a57906e21a4bac7267f751d610
                                                                                                  • Opcode Fuzzy Hash: 803384d36685db345c9d2df6bbe46ebeca907a2abaf7d8885a76ed97759ef674
                                                                                                  • Instruction Fuzzy Hash: FC810670A05219CFDB25DF18D998BEEBBB2FB49315F1080E9D809A7644CB746E818F54
                                                                                                  Function 05BCB7F0 Relevance: .1, Instructions: 117COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c023742f9895849e85a613f617f4545b735ddb21af466313cd35eb7b911f1cdc
                                                                                                  • Instruction ID: a27283684920f4a31009be5f08d02f6cc29f0874b2788cc0525b9bbea942c904
                                                                                                  • Opcode Fuzzy Hash: c023742f9895849e85a613f617f4545b735ddb21af466313cd35eb7b911f1cdc
                                                                                                  • Instruction Fuzzy Hash: 4751F674A05218CFDB50CFA8D849BADBBB2FF49315F5041E9D809A7290DB386E85CF58
                                                                                                  Function 01798CC1 Relevance: .1, Instructions: 116COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a69021f51e4a47e81fd1221b552d1b31f5637195bab8d9cba9c8b39e5cf2ffc6
                                                                                                  • Instruction ID: 0392fb86aa0b22321a65a039b3b2e4afeeba42fe051f41ffe6b952c4be1ee4aa
                                                                                                  • Opcode Fuzzy Hash: a69021f51e4a47e81fd1221b552d1b31f5637195bab8d9cba9c8b39e5cf2ffc6
                                                                                                  • Instruction Fuzzy Hash: EA416CB0D052098FDB04CFAAE54959DFBF2FF8A300F14C4AAC415E7225E7345A89CB52
                                                                                                  Function 01790870 Relevance: .1, Instructions: 101COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 09ace801cf7ed85bf5020f83d8507b50673e90b88a2e8e6183bac6c13c26d6eb
                                                                                                  • Instruction ID: b5a72a58c43476fc982c0cfc56c73e7785c1c236d7536edbb135c558d67231d9
                                                                                                  • Opcode Fuzzy Hash: 09ace801cf7ed85bf5020f83d8507b50673e90b88a2e8e6183bac6c13c26d6eb
                                                                                                  • Instruction Fuzzy Hash: 25319031E1030A8FCB04DFB8D8449EEFBB6FF89310F158599E505AB291E774A946CB91
                                                                                                  Function 05BC4ABD Relevance: .1, Instructions: 100COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bb4991bd11fa8ff3e18b352f4eafbfb7133c353a1a144557005702056b110fc2
                                                                                                  • Instruction ID: 39d250377c92ca56ec29f0817c4606cb27377cd3b7dcfc895c7eec7c01551cb2
                                                                                                  • Opcode Fuzzy Hash: bb4991bd11fa8ff3e18b352f4eafbfb7133c353a1a144557005702056b110fc2
                                                                                                  • Instruction Fuzzy Hash: 27413D74B112198FC756DF2CDC98AAA7BB6FB8C701F1081E9A91997785CB349F818F40
                                                                                                  Function 05BCEA84 Relevance: .1, Instructions: 97COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 355f8cc09d894f4ef3f75e8bb441d58896b165adaa6265715254f143d87ab73d
                                                                                                  • Instruction ID: 758e7a8418713517ba2d80501fd7c26fdd4eb5c3de5c942a30d0cd645538e528
                                                                                                  • Opcode Fuzzy Hash: 355f8cc09d894f4ef3f75e8bb441d58896b165adaa6265715254f143d87ab73d
                                                                                                  • Instruction Fuzzy Hash: 7041BE74A05228CFDB61CFA8D944BADBBF2FB48305F1041E9D409AB291DB74AA84CF15
                                                                                                  Function 01790B18 Relevance: .1, Instructions: 92COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3d1b7ccbc0b012e89b5a5c6508fb508903901a42d4fad847e88120912979712d
                                                                                                  • Instruction ID: 6f0be29bc509836c0880dbdf831bd1d6d57e32f7b6ed27093e250854ac70f164
                                                                                                  • Opcode Fuzzy Hash: 3d1b7ccbc0b012e89b5a5c6508fb508903901a42d4fad847e88120912979712d
                                                                                                  • Instruction Fuzzy Hash: E6316F71F002489FDB11DF68D880ADEFBF6FF89750B14816AE805A7355DB34AD458B90
                                                                                                  Function 01790C51 Relevance: .1, Instructions: 89COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ae8fbf24e21a3a169ec7eb7a30353dadea94f9309aba062206ac7980626977fe
                                                                                                  • Instruction ID: 56fe0bd231df45532084400729ef2e9dd5f78b1cfc52b0d1ab6647300f336a5d
                                                                                                  • Opcode Fuzzy Hash: ae8fbf24e21a3a169ec7eb7a30353dadea94f9309aba062206ac7980626977fe
                                                                                                  • Instruction Fuzzy Hash: FE312770A102189FCB11DBACE584AEDFBF5FF49314F5480AAE419AB251D730A885CFA5
                                                                                                  Function 017988C0 Relevance: .1, Instructions: 82COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e48e16430fdfa857d50e7b0e6187c2fb682f2d2535d3e717121273ed87af3f19
                                                                                                  • Instruction ID: b216eecbf5a76d8aeb0ad386ebbceb0ab60d5ada4b9766bd4fa51cfcc5ea1a88
                                                                                                  • Opcode Fuzzy Hash: e48e16430fdfa857d50e7b0e6187c2fb682f2d2535d3e717121273ed87af3f19
                                                                                                  • Instruction Fuzzy Hash: 24317CB090520DDFDB05DFA8D4887AEBFF1FB4A324F1085AAD415A3241DB784A89CF56
                                                                                                  Function 05BC4640 Relevance: .1, Instructions: 82COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e3216c8eb4fce347221d638014694deaca5d09bc4767ac27daacb82037720478
                                                                                                  • Instruction ID: bbbc7307dbc9013c18b4a86a0dc99b9417df618bb4d9c4557bf1d3ed91a594b2
                                                                                                  • Opcode Fuzzy Hash: e3216c8eb4fce347221d638014694deaca5d09bc4767ac27daacb82037720478
                                                                                                  • Instruction Fuzzy Hash: 0A311970E052298BDB64CF29D854BADBBB6FB89301F00C0EED459A7244DB745A848F14
                                                                                                  Function 01798CD0 Relevance: .1, Instructions: 79COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cf4a6c12e72f19623971185f2b6a832cf7e1297503a79743f139416f1d327176
                                                                                                  • Instruction ID: 12abf6ba3ae3b6c06b2a1ab103e968f8f2fed41e6f1526825b55ffc6571e0f56
                                                                                                  • Opcode Fuzzy Hash: cf4a6c12e72f19623971185f2b6a832cf7e1297503a79743f139416f1d327176
                                                                                                  • Instruction Fuzzy Hash: DB31C574D00209DFDB04DFA9D58969DFBF1FB4A300F1484A9D515A7210EB749A88CF52
                                                                                                  Function 0179C938 Relevance: .1, Instructions: 76COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dec7d62593e89cb51df30e79fba4f42a9ced7942ba75f38900286b9321fdb346
                                                                                                  • Instruction ID: d254ac0360d8c5f54ad2a99f0861d5060939c050a1a640749272debe79f160dc
                                                                                                  • Opcode Fuzzy Hash: dec7d62593e89cb51df30e79fba4f42a9ced7942ba75f38900286b9321fdb346
                                                                                                  • Instruction Fuzzy Hash: 352106B4E002098BEF05DFAAD8486EEFBF6FB89310F048469D515B7384DB7849498F55
                                                                                                  Function 05BCEC31 Relevance: .1, Instructions: 76COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b21d34ed1aba1a74a0da8a488e024f983eb89aeff04247872c21ddb7c491af1c
                                                                                                  • Instruction ID: bf2f9ad4ebc479af12304fc985e156c3e7b697814f678e8e2287fbffb5e317cd
                                                                                                  • Opcode Fuzzy Hash: b21d34ed1aba1a74a0da8a488e024f983eb89aeff04247872c21ddb7c491af1c
                                                                                                  • Instruction Fuzzy Hash: 9841AE74E05218CFDB65CFA8D844BACBBF2FB49315F1080E9D409AB265DB749A84CF04
                                                                                                  Function 017988D0 Relevance: .1, Instructions: 74COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c1d8a7ef0af16377cdd73a2cbbb21f41c527db50e314ec5e832ccfe9109cc351
                                                                                                  • Instruction ID: 89726f88a3670f5dc426ec1034297d945749f82b3fe292feee412794c77af803
                                                                                                  • Opcode Fuzzy Hash: c1d8a7ef0af16377cdd73a2cbbb21f41c527db50e314ec5e832ccfe9109cc351
                                                                                                  • Instruction Fuzzy Hash: 3631217090520CDFDB04DFA8D4887AEBBF1FB4A325F1085A9D415A3341DB794A88CF56
                                                                                                  Function 016CD048 Relevance: .1, Instructions: 74COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1578390153.00000000016CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016CD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_16cd000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e1c438baf4ff055073da4936632b96fc1a5f614ac705eeac9a4b3dac30faf923
                                                                                                  • Instruction ID: 3450468691ab5ae613cd178b123366413e31bfe0c3fe763333b8e2cca3c0adc0
                                                                                                  • Opcode Fuzzy Hash: e1c438baf4ff055073da4936632b96fc1a5f614ac705eeac9a4b3dac30faf923
                                                                                                  • Instruction Fuzzy Hash: 2621FF71604240AFDB15DF98DDC0B26BBA5FB84B14F20856DE90A0B342C336D447CAE2
                                                                                                  Function 01790A0F Relevance: .1, Instructions: 73COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 65cf344fe8ee42c8ef017435657704f67f66ec0b6280bac7631d6105ffa491de
                                                                                                  • Instruction ID: 4793bfcd35f6fb8e4a6a1e5cedb7156e03aeed4449fb62b25bb17fb7248a1264
                                                                                                  • Opcode Fuzzy Hash: 65cf344fe8ee42c8ef017435657704f67f66ec0b6280bac7631d6105ffa491de
                                                                                                  • Instruction Fuzzy Hash: F821B030B113159FDF25CF69DC046EEFBF9FF84610B14866EE446A7255DB24A908CBA0
                                                                                                  Function 05BCF3D8 Relevance: .1, Instructions: 73COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ecdffde66089a4755e2a48c8118cc7c6aca4dfd0c3986fcf4ebaa9606e55130c
                                                                                                  • Instruction ID: ea145e34b066d170cda6762c6dc71e436fadf53540683c76694e8e6806e4af71
                                                                                                  • Opcode Fuzzy Hash: ecdffde66089a4755e2a48c8118cc7c6aca4dfd0c3986fcf4ebaa9606e55130c
                                                                                                  • Instruction Fuzzy Hash: FF218B70A04209DFCB44CFA8E845ABEBBF2EB88301F1080E9D815E7351D774AA40CF54
                                                                                                  Function 05BCE9F4 Relevance: .1, Instructions: 72COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 75aaaa0aca417c6f38425df6d40b220ccf37e0e5b189bd3987b18848f57348b4
                                                                                                  • Instruction ID: 04b4fe82a64caf5df89728d0e0e5e97744d213c9c768ef44afe4781e883cba58
                                                                                                  • Opcode Fuzzy Hash: 75aaaa0aca417c6f38425df6d40b220ccf37e0e5b189bd3987b18848f57348b4
                                                                                                  • Instruction Fuzzy Hash: A231A374A05218CFDB25CFA8D944BECBBF6FB48315F1080EAD409AB291D775AA84CF14
                                                                                                  Function 05BCA180 Relevance: .1, Instructions: 71COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9ec07a64bd2a7af925a0c5e649f819492ca0023c3e9582d0d3bec190ff5e958c
                                                                                                  • Instruction ID: d3360ec7ca985f66bcd610f480b6dc47faaa34778cb4328d296e9c760c273415
                                                                                                  • Opcode Fuzzy Hash: 9ec07a64bd2a7af925a0c5e649f819492ca0023c3e9582d0d3bec190ff5e958c
                                                                                                  • Instruction Fuzzy Hash: 1D212770E0420D9FDB04CFA9D8457BEBFF2FB89305F5084AAD415A3280DB786A458F55
                                                                                                  Function 05BCF3E8 Relevance: .1, Instructions: 71COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d96cdd3904b09caff381b8e9da4e0b428bdafc259165462eb20819f98d409157
                                                                                                  • Instruction ID: 0395f1473eb083688ad5cebd6fff302dbf561ea3dab0edba996a23e955f0e0f9
                                                                                                  • Opcode Fuzzy Hash: d96cdd3904b09caff381b8e9da4e0b428bdafc259165462eb20819f98d409157
                                                                                                  • Instruction Fuzzy Hash: 91214570A04209DFCB44CFA9E845ABEBBF2FB88311F1084E9D819A7350D774AA40CF94
                                                                                                  Function 01790A20 Relevance: .1, Instructions: 70COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7b51b8b39492e05820dc27197941cc358848d400cc1894dbf0e7b06c457bdf1f
                                                                                                  • Instruction ID: aa494fcf35c3d4fd9a238b1ee8a9a38ba8a6d1e5f089cdf3c1799619a69e3f3e
                                                                                                  • Opcode Fuzzy Hash: 7b51b8b39492e05820dc27197941cc358848d400cc1894dbf0e7b06c457bdf1f
                                                                                                  • Instruction Fuzzy Hash: 6B219D31A007158FDF24DF69CC44A9EBBF5FF88610B104A6DE496A7294DB34A948CBA0
                                                                                                  Function 0179FEE8 Relevance: .1, Instructions: 69COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b2dae79a3766e5b463da31097c598c8fde1f5eb7d04ebf6b1d1727f303c35108
                                                                                                  • Instruction ID: 6594974489a63c494c08f4e26a798c935a930ba6e5baadcc71b639d26b297b46
                                                                                                  • Opcode Fuzzy Hash: b2dae79a3766e5b463da31097c598c8fde1f5eb7d04ebf6b1d1727f303c35108
                                                                                                  • Instruction Fuzzy Hash: C8210475A002098FDB15DFA8D984ADDB7F2FF88311F2041A4E505BB2A1CB75AD45CBE0
                                                                                                  Function 05BCA190 Relevance: .1, Instructions: 68COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 92766777b92b479a04824500128c532b4e5edd5f6b52ce9e8242c25d9b7ed0f6
                                                                                                  • Instruction ID: 4afaa1fe647538bb572bdf3fe37bbe9f18adf12445acde0df072cce87bb54417
                                                                                                  • Opcode Fuzzy Hash: 92766777b92b479a04824500128c532b4e5edd5f6b52ce9e8242c25d9b7ed0f6
                                                                                                  • Instruction Fuzzy Hash: 55213670E0420D9FCB00CFA9D845BBEBBF6FB89300F5084A9D415A3280DB786A858F55
                                                                                                  Function 05BCE93D Relevance: .1, Instructions: 66COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f6e00a32e72d051efcffbd2b4aaf0c76f45d36c88e8586c1a86bfe0bc0408420
                                                                                                  • Instruction ID: b8f2ac73fea65c3f6504d8f2312e9dd31a73edfd0671b3e0c595b04e64134e88
                                                                                                  • Opcode Fuzzy Hash: f6e00a32e72d051efcffbd2b4aaf0c76f45d36c88e8586c1a86bfe0bc0408420
                                                                                                  • Instruction Fuzzy Hash: 9A31B270A05218CFDB61CFA8D944BECBBF5EB48315F1040EAD409AB291DB759A84CF14
                                                                                                  Function 01790861 Relevance: .1, Instructions: 58COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9aba3d97b8694a0861b447c1bdd54d164fd454c5e3c42cf4e0cb791e5d02249b
                                                                                                  • Instruction ID: 15716915331a78b7394bc9892b0b61a1f87c50cbaf7792d246385eb1a506e27a
                                                                                                  • Opcode Fuzzy Hash: 9aba3d97b8694a0861b447c1bdd54d164fd454c5e3c42cf4e0cb791e5d02249b
                                                                                                  • Instruction Fuzzy Hash: 41110274E50209CFCB44DFA8C889AAEBBF2FF49300F1581A9E905DB361D735E8458B80
                                                                                                  Function 0179DD18 Relevance: .1, Instructions: 58COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d52370ea945955db46433d129f1adaf02fc06644534ee4c23bdd9d7f27c5acb8
                                                                                                  • Instruction ID: a402cf62a08a2ea054e342218c9049003d8858d2b5112cf30926b6903b864119
                                                                                                  • Opcode Fuzzy Hash: d52370ea945955db46433d129f1adaf02fc06644534ee4c23bdd9d7f27c5acb8
                                                                                                  • Instruction Fuzzy Hash: CF111270D00209CFCF28CFE9D8446EEFBB6AB88310F10806AD508A3250D7745A89CBA0
                                                                                                  Function 05BC6973 Relevance: .1, Instructions: 55COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4fc17a5cbbe322453f84785e4bbb16b2d058d3dcedb64b8cadf3d1b9e7571ff7
                                                                                                  • Instruction ID: e00357f6e72702275b9acfc5e0b61fdab98b1f402be10f9f69aec7833127c430
                                                                                                  • Opcode Fuzzy Hash: 4fc17a5cbbe322453f84785e4bbb16b2d058d3dcedb64b8cadf3d1b9e7571ff7
                                                                                                  • Instruction Fuzzy Hash: 4221F974E042198FC720DF68D88479DBBB2FB88301F1080DAA419B3744CA745EC2CF10
                                                                                                  Function 05BC4811 Relevance: .1, Instructions: 55COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cf826fee720aeb9e0c841d6c8bd9193a0b3cd40ce6889e46dcb40a144a5997f7
                                                                                                  • Instruction ID: cabca1bf2159fcb6bf45f7f154377ae0b947276feb512a1a910b72f8c696ea62
                                                                                                  • Opcode Fuzzy Hash: cf826fee720aeb9e0c841d6c8bd9193a0b3cd40ce6889e46dcb40a144a5997f7
                                                                                                  • Instruction Fuzzy Hash: B521CA74A41229CFCB61DF24E898BADBBB1FB89345F1081EA8819A7340DB345E81CF54
                                                                                                  Function 016CD043 Relevance: .1, Instructions: 55COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1578390153.00000000016CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016CD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_16cd000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c17b92067f9f392c36d9c2df8838e5273bef87ad497ca21dd9e73911e0fdf5c2
                                                                                                  • Instruction ID: a7fb1a32faf79a636c52535a96ed8c74b339aadea7122710c86ef2c0111ed9a9
                                                                                                  • Opcode Fuzzy Hash: c17b92067f9f392c36d9c2df8838e5273bef87ad497ca21dd9e73911e0fdf5c2
                                                                                                  • Instruction Fuzzy Hash: 7E11AC76504280CFCB16CF54D9C4B26BFB2FB84714F24C6ADD8494BA56C33AD41ACBA2
                                                                                                  Function 05BC6858 Relevance: .1, Instructions: 51COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fbfa0bf9634f70fe86970a9df0a3708c71c1d57d1dc659aec82fe123872de0ea
                                                                                                  • Instruction ID: da2ec287a4840ba668611903adc2a750974e76188b9594e1cd67c7c7ce1b666d
                                                                                                  • Opcode Fuzzy Hash: fbfa0bf9634f70fe86970a9df0a3708c71c1d57d1dc659aec82fe123872de0ea
                                                                                                  • Instruction Fuzzy Hash: 2F21E674E142198FC760DF68D8847ADBBB2FB98301F1081EAA859B3744CA745EC2DF50
                                                                                                  Function 06C2F030 Relevance: .0, Instructions: 46COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bf4d2d51078bd3284186ad51af1b0af18508333ff3e2f7a3e5b5c9c2d8f5d40c
                                                                                                  • Instruction ID: e1e1069abcd8a259e64ea099e32eeaa3bbadad4b9c83cb3223bdf3452af1f84b
                                                                                                  • Opcode Fuzzy Hash: bf4d2d51078bd3284186ad51af1b0af18508333ff3e2f7a3e5b5c9c2d8f5d40c
                                                                                                  • Instruction Fuzzy Hash: AC11B7B0E0020A9FDB44DFA9C9457BFBBF5FF88300F14846A9418A7354EA305A418BA5
                                                                                                  Function 016BD01D Relevance: .0, Instructions: 45COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1578226531.00000000016BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016BD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_16bd000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a35e619d84a3d4d2957974502a20bdbc089d4ac41c62560259ebd6489026bac1
                                                                                                  • Instruction ID: 068ddce4d2b28be6175556efdd8eb334435d3e33884dcad8566cbc6c9dff2dd3
                                                                                                  • Opcode Fuzzy Hash: a35e619d84a3d4d2957974502a20bdbc089d4ac41c62560259ebd6489026bac1
                                                                                                  • Instruction Fuzzy Hash: FA01A771408340ABE7204E65CCC4BA7BBD8DF412A8F188559ED490F282C37994C6CBB5
                                                                                                  Function 016BD006 Relevance: .0, Instructions: 44COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1578226531.00000000016BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016BD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_16bd000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 704b52f7c051c0954d119bc893a82384860b3807e2275b164890ec6702f2041c
                                                                                                  • Instruction ID: 4792cb133c6786d4b306a491e268e2672c73dfe1dbaaac9735e27c33cae760aa
                                                                                                  • Opcode Fuzzy Hash: 704b52f7c051c0954d119bc893a82384860b3807e2275b164890ec6702f2041c
                                                                                                  • Instruction Fuzzy Hash: 7001047140D3C05FD7168B258D94752BFB4DF43264F1981DBD9888F2A3C2695845C772
                                                                                                  Function 06C13967 Relevance: .0, Instructions: 44COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 74c23fe462b8b99565024251ac23ba1da785b1e7c0ccace82db39a1b1fb111a1
                                                                                                  • Instruction ID: 6281877a5966e1e0dbaa25f27fb801f18b21e414bc4f98655ef6060a665a5921
                                                                                                  • Opcode Fuzzy Hash: 74c23fe462b8b99565024251ac23ba1da785b1e7c0ccace82db39a1b1fb111a1
                                                                                                  • Instruction Fuzzy Hash: 0F21FF34E41229CFEB68DF18C988AD9BBF1BF09304F5455E9E908AB340CB349E849F05
                                                                                                  Function 01790994 Relevance: .0, Instructions: 39COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2b3ec0329d4c109d946ef82177d92776d6a16c7602079da30d75e9eda697c8c5
                                                                                                  • Instruction ID: 738cc64acbd2868c27c42d1028d5300f960fe4a098a4dc757fa384ba2b38f2b7
                                                                                                  • Opcode Fuzzy Hash: 2b3ec0329d4c109d946ef82177d92776d6a16c7602079da30d75e9eda697c8c5
                                                                                                  • Instruction Fuzzy Hash: 5EF0C871E503489BDF15CBB0C8659FFBFBA9F84300F04C56AD402AB280DE746D0686D2
                                                                                                  Function 05BCDB8A Relevance: .0, Instructions: 37COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 90e67c4b0803e041fcef4aac0acc9a2780f49d06ab02ca6975b2454a1ef24284
                                                                                                  • Instruction ID: 235858d56e0362ede5f607ec1e42317c0e8077834c4d7bdd53bc9fe747c2b5a7
                                                                                                  • Opcode Fuzzy Hash: 90e67c4b0803e041fcef4aac0acc9a2780f49d06ab02ca6975b2454a1ef24284
                                                                                                  • Instruction Fuzzy Hash: AA111B78A05218CFDB64CF14D885BE9BBB2FB45315F1090EAD50AA7640C7745EC4CF48
                                                                                                  Function 05BCD670 Relevance: .0, Instructions: 34COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c1617806dfa0bdd9d6ae11cd9ac893d38a9f0fae8de8431d4e6eb558f6fb8a75
                                                                                                  • Instruction ID: 1b751b3db8cd0602222f1b72bebc4197740cfacf91ccae86f618c49e84ffe385
                                                                                                  • Opcode Fuzzy Hash: c1617806dfa0bdd9d6ae11cd9ac893d38a9f0fae8de8431d4e6eb558f6fb8a75
                                                                                                  • Instruction Fuzzy Hash: 580124B680024AABCF11EF94DC00AEDBB71FF49310F018569EA6837251E731A566DB90
                                                                                                  Function 05BCD680 Relevance: .0, Instructions: 32COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e24b3915d8499bcc02b3a1b4d6ba576b1246e09e4771272411925f1b46563804
                                                                                                  • Instruction ID: a9036189431030745a5c56b73254d6390b16c56cc52ebfec8423640972c49a26
                                                                                                  • Opcode Fuzzy Hash: e24b3915d8499bcc02b3a1b4d6ba576b1246e09e4771272411925f1b46563804
                                                                                                  • Instruction Fuzzy Hash: 06F0EC3580024ADBCF11DF95D8009EEBB75FF89314F00C569E95827210D731A565DF94
                                                                                                  Function 05BCDE27 Relevance: .0, Instructions: 32COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 686ff157508cc61921b0e5b66b6ef30c58334dad66f41b404ffff9731acf89cc
                                                                                                  • Instruction ID: bd00563867233def8d3caa8b8eed3124984af9e9f4f7c4ea4ddeb1db0fa7d1a1
                                                                                                  • Opcode Fuzzy Hash: 686ff157508cc61921b0e5b66b6ef30c58334dad66f41b404ffff9731acf89cc
                                                                                                  • Instruction Fuzzy Hash: A501F67590421D9FDB61CF54CC80BDAB7BAFB49304F1081DAA509A7280CB759AC9CF50
                                                                                                  Function 05BCB657 Relevance: .0, Instructions: 32COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 39f6887c86ce56767b65fd32a00c86e0988a3c6f81122f9b7008a9a8c5b45d9e
                                                                                                  • Instruction ID: a83c059f352c5d6888ed08448973a019ac1ac5507c3b863286ce88df23a0aefe
                                                                                                  • Opcode Fuzzy Hash: 39f6887c86ce56767b65fd32a00c86e0988a3c6f81122f9b7008a9a8c5b45d9e
                                                                                                  • Instruction Fuzzy Hash: 26F090B4A091488FCB41CF94C85D6EEBFB6FF0A314F1041D9E055A6251D638594ACF65
                                                                                                  Function 05BC8E09 Relevance: .0, Instructions: 31COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e72919cacad63f3f883840152b99feb5fc9249360b0a1277d35ab11187781057
                                                                                                  • Instruction ID: 2fa3599ecb9a3a2084cd771337bd19e123fef8d1b05d812973a0043783b6fbd7
                                                                                                  • Opcode Fuzzy Hash: e72919cacad63f3f883840152b99feb5fc9249360b0a1277d35ab11187781057
                                                                                                  • Instruction Fuzzy Hash: ABF0823654818AEFCB12CF50DD00EBABF62EB56305F1485DDEC1907261D633A926DB86
                                                                                                  Function 05BCE511 Relevance: .0, Instructions: 30COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 96dca0a799adf92793660438e8df5d5c660da73d9ffb6e3366982b6ef5f059d3
                                                                                                  • Instruction ID: 9528b27d9a48ba5489ce27984220f6704e9edf68af2473269518289cf3d503ce
                                                                                                  • Opcode Fuzzy Hash: 96dca0a799adf92793660438e8df5d5c660da73d9ffb6e3366982b6ef5f059d3
                                                                                                  • Instruction Fuzzy Hash: 4BF03A74804248EFCB01CF94D904AADBFB9EB49301F0481DED86457355E632AA11EB51
                                                                                                  Function 05BC00F8 Relevance: .0, Instructions: 29COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f2d86449f197cd0aceb75054dbfbd805a71a92f7b51c2b6f4a3bdfd7d2e431e2
                                                                                                  • Instruction ID: 6adea56c88b42fd1111b521e7599913d2132333ac6da7808283355f62fc8912d
                                                                                                  • Opcode Fuzzy Hash: f2d86449f197cd0aceb75054dbfbd805a71a92f7b51c2b6f4a3bdfd7d2e431e2
                                                                                                  • Instruction Fuzzy Hash: A4F0EC3050C348DFCB05DFA4D84466CFFF59B06205F2490DDE84457242C6315D56CB56
                                                                                                  Function 05BCE194 Relevance: .0, Instructions: 28COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 405fce81ec84f2836c738e3f6345da146f99146fdcf153001862b3cd383fd781
                                                                                                  • Instruction ID: 540859fbf73484aff28e9b0a2c8c228710d8dd3e3604279123f4f29f8ad55674
                                                                                                  • Opcode Fuzzy Hash: 405fce81ec84f2836c738e3f6345da146f99146fdcf153001862b3cd383fd781
                                                                                                  • Instruction Fuzzy Hash: C501F6749052198FCBA1CF18DC84BEABBF5FB08301F1040EAE419A7640D7359AC8CF54
                                                                                                  Function 05BCBCA1 Relevance: .0, Instructions: 27COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 89b7ac3d13f5300d4aaa3c9078c639ef104aa28a90915e33bcd0f2e1eea87242
                                                                                                  • Instruction ID: 94ada9881a95de556d545afa21f7fdaca466c1fb60f605732f2230f8faf68634
                                                                                                  • Opcode Fuzzy Hash: 89b7ac3d13f5300d4aaa3c9078c639ef104aa28a90915e33bcd0f2e1eea87242
                                                                                                  • Instruction Fuzzy Hash: FDF08C35804208EBCB00CF84D941EAEBFB1FB48300F10C4A9E84517350C732AA21EB55
                                                                                                  Function 05BC475E Relevance: .0, Instructions: 27COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 759c4942804d04a2cbdacb7365de209aee42c7100eb3ca8152cf1c2456668b8f
                                                                                                  • Instruction ID: f2b81381290ce257c6e342fce10df2b6ee4a507d87cca26a85eb69d29436ffaa
                                                                                                  • Opcode Fuzzy Hash: 759c4942804d04a2cbdacb7365de209aee42c7100eb3ca8152cf1c2456668b8f
                                                                                                  • Instruction Fuzzy Hash: C6F01434A402588FDB20DF28D899BADBBB6BB45300F1080DAE40DA7385CB745F818F08
                                                                                                  Function 05BC8EA0 Relevance: .0, Instructions: 27COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 951f7188f8c759db04ecaa7f591002874376addf052f746e4dab907a156e6cd1
                                                                                                  • Instruction ID: 13eaebda42b270f4e14f54aa67c213fd221aa0368a43f3665065f187be8437ca
                                                                                                  • Opcode Fuzzy Hash: 951f7188f8c759db04ecaa7f591002874376addf052f746e4dab907a156e6cd1
                                                                                                  • Instruction Fuzzy Hash: B1F01C79908208AFCB00DF94C940AA9BBB1EB59351F1095E9DC5957351D6329A52DF40
                                                                                                  Function 05BC1009 Relevance: .0, Instructions: 27COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c650a7e84a872bb55436a05b634011fb15d766c9d44447deca4c89734c102c22
                                                                                                  • Instruction ID: 5ce75a6220767b10c10bb47f6816f16ed8c88d185cfba046ab1e46641f1e5ddf
                                                                                                  • Opcode Fuzzy Hash: c650a7e84a872bb55436a05b634011fb15d766c9d44447deca4c89734c102c22
                                                                                                  • Instruction Fuzzy Hash: 22F06D34808284CFCB11CF64E8405B9BFF1EB4A351F6491EEC48597352C6325982DB55
                                                                                                  Function 05BC3CB1 Relevance: .0, Instructions: 26COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8884eb7d8e8f7175cfcf8018188c81092923182a4592e4b19ba02c74c16d729a
                                                                                                  • Instruction ID: 0c453fb027ef4d7220549854e0149dfb969d7ce6a977070b38e7bfaa2d79dfb3
                                                                                                  • Opcode Fuzzy Hash: 8884eb7d8e8f7175cfcf8018188c81092923182a4592e4b19ba02c74c16d729a
                                                                                                  • Instruction Fuzzy Hash: EBF0ED35A49308EFC308DB60D944A6EBFF6EF46304F20D8ECD84517391D632A902CB85
                                                                                                  Function 05BCB400 Relevance: .0, Instructions: 26COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bf082ca6b04839f582af7505918b71514912269387c890037ce6e5188f61a3e5
                                                                                                  • Instruction ID: 07263efaf7be5ba84016b70c2e41373fcf04f6ecc749e7b78effc3b171faf465
                                                                                                  • Opcode Fuzzy Hash: bf082ca6b04839f582af7505918b71514912269387c890037ce6e5188f61a3e5
                                                                                                  • Instruction Fuzzy Hash: F9F06D76508249EFCB06DF90DA419AD7FB2FB5A310F1484C9EC19472A2D6339D23EB51
                                                                                                  Function 05BC9A30 Relevance: .0, Instructions: 26COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2e5e7ac2e25a07248f90cd0715ad22554b8eb2cd2c93b47977deee4cea5322a9
                                                                                                  • Instruction ID: 7b7c306fc157cd45e7b7a161805bb48f65b06ab0313fc817e2919c365308e2aa
                                                                                                  • Opcode Fuzzy Hash: 2e5e7ac2e25a07248f90cd0715ad22554b8eb2cd2c93b47977deee4cea5322a9
                                                                                                  • Instruction Fuzzy Hash: BBF0ED30A0C248EFC709CBA4E848569BFB09B06300F14A0DDEC080B382E6327D16CB96
                                                                                                  Function 05BC2A31 Relevance: .0, Instructions: 26COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 62ca498e897da50cfb0393a8e4ccf6751336926c0bf92f81fec998f6058dc301
                                                                                                  • Instruction ID: e4ea96904d3e84a0b57cf275919c6cf1e548d6d7d018ccffa590a37703976f26
                                                                                                  • Opcode Fuzzy Hash: 62ca498e897da50cfb0393a8e4ccf6751336926c0bf92f81fec998f6058dc301
                                                                                                  • Instruction Fuzzy Hash: 56F0A938949284CFCB21CBA4D9406B8BFB0EB0A311B1490EEC48983B02C2320982CF91
                                                                                                  Function 05BC65A0 Relevance: .0, Instructions: 25COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 883d86d2ed18b8e2c61f40c43d0d50015d047b0078f6097710b99f23d4abae77
                                                                                                  • Instruction ID: a018b5802671a51faf8be9ad75879e9bc9063e41cfb29b4001af05b417f93f05
                                                                                                  • Opcode Fuzzy Hash: 883d86d2ed18b8e2c61f40c43d0d50015d047b0078f6097710b99f23d4abae77
                                                                                                  • Instruction Fuzzy Hash: 96E0DFBA9482489FC750DAE8C5012FC7FE0DB09356B2585EA884C87382E532AE07DB40
                                                                                                  Function 05BCF539 Relevance: .0, Instructions: 25COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ec61d42d1dd04c837ac5e9c8aedbfa62d1bf6fd66149ee9a7c5300173bab1670
                                                                                                  • Instruction ID: d5609e3580000d86cc8dd269587ab89b317bdd3512c08204bef7f45184158f94
                                                                                                  • Opcode Fuzzy Hash: ec61d42d1dd04c837ac5e9c8aedbfa62d1bf6fd66149ee9a7c5300173bab1670
                                                                                                  • Instruction Fuzzy Hash: BDE06D70908348AFC744EFA8E884BADBBF5EB08305F1080ED990897381FA319E45CB55
                                                                                                  Function 05BC3570 Relevance: .0, Instructions: 25COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b7124fcfa4710ef1414d8c53434c7bac3db843d576443fe75e6c0160ff4d2fbd
                                                                                                  • Instruction ID: 5734cab1b42b48db39f877a8b6c4d4967d21964247f6defae012e32bdc0385bf
                                                                                                  • Opcode Fuzzy Hash: b7124fcfa4710ef1414d8c53434c7bac3db843d576443fe75e6c0160ff4d2fbd
                                                                                                  • Instruction Fuzzy Hash: 95F0A934848344CFCB10CFA4C8485A8BFF0EB4A305B2494EEC4A987202C2328943CB21
                                                                                                  Function 05BCC4A5 Relevance: .0, Instructions: 25COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0976e7bbf743ec091c7022d88f21976158cc2a9fc3721fd5e337619754d95222
                                                                                                  • Instruction ID: ee9e4353a7107bc237ed8713782ecbbc915044191d491113dc12080ad2466407
                                                                                                  • Opcode Fuzzy Hash: 0976e7bbf743ec091c7022d88f21976158cc2a9fc3721fd5e337619754d95222
                                                                                                  • Instruction Fuzzy Hash: 73F0FF74902229CFDB20CF20D958BEDBBB2FB45305F1081EAC10A63280C7385A88CF04
                                                                                                  Function 05BCEFC0 Relevance: .0, Instructions: 25COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7f0164aeabed62666baa4a6451bf76b909521fea503bb7ec9b44a0204b8a2471
                                                                                                  • Instruction ID: 23b9a8d8ccb0cf646a4fe569f8ff2b5ad86711284880a70de4e59a5f20efa7ac
                                                                                                  • Opcode Fuzzy Hash: 7f0164aeabed62666baa4a6451bf76b909521fea503bb7ec9b44a0204b8a2471
                                                                                                  • Instruction Fuzzy Hash: 9FF06D71905208EFD740EFA8C944AA9BFF9EB48300F1084EDE80893381E671AA05CB51
                                                                                                  Function 05BCA771 Relevance: .0, Instructions: 25COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c0a0b47987c84c0858990088de6f9a1d96cb1281a4ffc82e8331c8dae079c9f7
                                                                                                  • Instruction ID: adb2c3aae2da6203bfd566bfafa22a235698823ca7c66175e2b2dca4fd1acbc0
                                                                                                  • Opcode Fuzzy Hash: c0a0b47987c84c0858990088de6f9a1d96cb1281a4ffc82e8331c8dae079c9f7
                                                                                                  • Instruction Fuzzy Hash: 94F0307584824C9FC711DBA0C9406BDBBB1EB59341F1491EB9C6953351D6315A12DF40
                                                                                                  Function 0179DAF0 Relevance: .0, Instructions: 24COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3942f55a18ee3c3b7c927ad34d59e3a42392c0a83c697e2f44160a9af8ad4153
                                                                                                  • Instruction ID: 63695a4a6d60fa95fe70d1c5fc19f751fdc932798950753a0e4a2e43a692d6e7
                                                                                                  • Opcode Fuzzy Hash: 3942f55a18ee3c3b7c927ad34d59e3a42392c0a83c697e2f44160a9af8ad4153
                                                                                                  • Instruction Fuzzy Hash: A9F0C974E04208EFCB94DFA8D945AADFBF5EB48300F10C0AADC1893351D6329A55DF41
                                                                                                  Function 05BC7D69 Relevance: .0, Instructions: 24COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a5be3235861ad09dada498463559fa893d45964848cc65f888dfab6923ae22be
                                                                                                  • Instruction ID: f3de27ac9eb4b068bd949dac574b1f95f44551e1ef7bc8f2c3d36df83142c9c8
                                                                                                  • Opcode Fuzzy Hash: a5be3235861ad09dada498463559fa893d45964848cc65f888dfab6923ae22be
                                                                                                  • Instruction Fuzzy Hash: 9DE0D871805308AFD710EFF0ED04BAB7AA4DB04200F0044E9840953140F9314A049BE6
                                                                                                  Function 05BC8F39 Relevance: .0, Instructions: 24COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2ca605d5fd084e92f39bf490259d0740f18754b3a35a31fad5aff28ce4270086
                                                                                                  • Instruction ID: deb17094dee89e5d1a615d8166aae43576d32ca4a3d66b3b8ad8150deebb9112
                                                                                                  • Opcode Fuzzy Hash: 2ca605d5fd084e92f39bf490259d0740f18754b3a35a31fad5aff28ce4270086
                                                                                                  • Instruction Fuzzy Hash: B6E0923490C348DFC714DF64D984AADBFB5EF4530AF1485DDE8082B342C6326A02DB85
                                                                                                  Function 05BCF391 Relevance: .0, Instructions: 24COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c0f210dbf9280eab83b7c414deff37c1eed901cf6022e2bfe957e8a249f780f9
                                                                                                  • Instruction ID: 4f1bf07af339c06e669952b70d3a33fe4459da51d0b3ac0fa3c63477f5765b9e
                                                                                                  • Opcode Fuzzy Hash: c0f210dbf9280eab83b7c414deff37c1eed901cf6022e2bfe957e8a249f780f9
                                                                                                  • Instruction Fuzzy Hash: CCE06D71D04208AFC750EBA8C995B6CBBF5EB88301F2044EDC808D3352E6319A11DB81
                                                                                                  Function 0179081F Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1bd8c3ee05508ca9a6f8443baa1ddcd9d5c98bd07467680200cfad4599c0684f
                                                                                                  • Instruction ID: ea49efe04854a44bda921e6242e0024b90c63e20d080785655dd47a7986a0d07
                                                                                                  • Opcode Fuzzy Hash: 1bd8c3ee05508ca9a6f8443baa1ddcd9d5c98bd07467680200cfad4599c0684f
                                                                                                  • Instruction Fuzzy Hash: DBE04F355593946FDB075BB49C684A53FB09E8322430F81DAC484DF453C9283C4BD7AA
                                                                                                  Function 05BCE520 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 65c516378ad1919515be09464666d3a1a53895e519e9763ec5eb530819a3fa98
                                                                                                  • Instruction ID: fcad519a03b2c303dc0b57cd2429533c10122ac37d95bd232c771ea7eb28de71
                                                                                                  • Opcode Fuzzy Hash: 65c516378ad1919515be09464666d3a1a53895e519e9763ec5eb530819a3fa98
                                                                                                  • Instruction Fuzzy Hash: FFF03938804208EFCB01CF94D840AADBFB5EB48300F10C0E9EC5453351D6329A61EF44
                                                                                                  Function 05BC7549 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c4eb2ada7f18a941b24fe54e690fd0512c57707f5bc16dc6f226c8d48a5abc92
                                                                                                  • Instruction ID: 93a2c1a27cf2c3ccac3436fb30215db3fd4caac1b78842eb3859028e835a2634
                                                                                                  • Opcode Fuzzy Hash: c4eb2ada7f18a941b24fe54e690fd0512c57707f5bc16dc6f226c8d48a5abc92
                                                                                                  • Instruction Fuzzy Hash: 6EF030349482889FCB21CBB8D950BADBFF0EF46314F1885D9D868A7392C6359A02CF45
                                                                                                  Function 05BCBCB0 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 46c8afa4ea089fc6980fc65878bcff12a55d4dff22fa5bf368ac677da7b6829a
                                                                                                  • Instruction ID: ec6f93cd1708e53f9450681b067bb17a5bd5e1f922b58861360d7bbd15ecdc19
                                                                                                  • Opcode Fuzzy Hash: 46c8afa4ea089fc6980fc65878bcff12a55d4dff22fa5bf368ac677da7b6829a
                                                                                                  • Instruction Fuzzy Hash: 85E0E535908208EFCB05DF94D945DAEBFB6FF49300F108499EC4527351CB32AA61EB95
                                                                                                  Function 05BC8CB3 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b5ea34150f1cec1b04dd439a5330890721b4be14f8e0ad37adaef6ce3b33cce8
                                                                                                  • Instruction ID: 66d43df35e532d54394d8157eb2153555cd4c61876a66d13c06436827bde00e6
                                                                                                  • Opcode Fuzzy Hash: b5ea34150f1cec1b04dd439a5330890721b4be14f8e0ad37adaef6ce3b33cce8
                                                                                                  • Instruction Fuzzy Hash: B2E02635549204DBC708DB80CA00BBABBB2EB05310F1494E9DC0853382C6339D03CA48
                                                                                                  Function 05BC1FD8 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2ad061b793b07f0a18bb47bdd84566e7933ced34bf66097140bf6a7571226ef8
                                                                                                  • Instruction ID: 9d48b1fb7389907842a422b7bd4706d98094be24faedcafb9ad53d47ff22b89e
                                                                                                  • Opcode Fuzzy Hash: 2ad061b793b07f0a18bb47bdd84566e7933ced34bf66097140bf6a7571226ef8
                                                                                                  • Instruction Fuzzy Hash: 27E09234A4D2449FCB05CFA4D9549B9FF71EB4A300F1491DEC84957341C6725A62CB95
                                                                                                  Function 05BCA140 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3ef874f992f0b311ae351f4fe4264b9881bb057e9a48662299f9831b08bae2e0
                                                                                                  • Instruction ID: af0a0e985f35f346429bf0f0a648cb6b5b79fb4d23bd82c539eed32ca23dd429
                                                                                                  • Opcode Fuzzy Hash: 3ef874f992f0b311ae351f4fe4264b9881bb057e9a48662299f9831b08bae2e0
                                                                                                  • Instruction Fuzzy Hash: EFE0DF34848308AFC710DBA4C8556ADBFF4DB06200F5480EEC84497341E635AA02DB51
                                                                                                  Function 05BCEBAE Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3db816251a29d980ad290f10a29fab3099f8efb74672d26f50b60ccf34581df7
                                                                                                  • Instruction ID: b4b77cb821735667f42715c9513888c58c801bfd3e14e0606c9def83a8d7f9fe
                                                                                                  • Opcode Fuzzy Hash: 3db816251a29d980ad290f10a29fab3099f8efb74672d26f50b60ccf34581df7
                                                                                                  • Instruction Fuzzy Hash: 30F0B274A05219CFDB61CF58C8887DABAB6FB08311F1080D9E449AB295CB74AE85CF08
                                                                                                  Function 06C2A3D0 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 044f96375dc473d238ebc86c42f67734f0c522987f244fd5ff2f0c861fae616a
                                                                                                  • Instruction ID: fde0a6d8eaff4e1994e05e95c652ecc1ca1c50f37e468c4a447b85077873a5c1
                                                                                                  • Opcode Fuzzy Hash: 044f96375dc473d238ebc86c42f67734f0c522987f244fd5ff2f0c861fae616a
                                                                                                  • Instruction Fuzzy Hash: 3BE0C974D04208EFCB84DFA9D944AADFBF4FB48300F10C0AA9C1893340D6319A51DF81
                                                                                                  Function 06C25C30 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 044f96375dc473d238ebc86c42f67734f0c522987f244fd5ff2f0c861fae616a
                                                                                                  • Instruction ID: 8b8fb0327dd261d8fa967670def505158a8cf34fe43587ed820f2640e5833f09
                                                                                                  • Opcode Fuzzy Hash: 044f96375dc473d238ebc86c42f67734f0c522987f244fd5ff2f0c861fae616a
                                                                                                  • Instruction Fuzzy Hash: DCE0ED74D04208EFCB84DFA9D945AADFBF4EB48300F10C0A9DC18A3344E6319A51DF81
                                                                                                  Function 06C2D530 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 044f96375dc473d238ebc86c42f67734f0c522987f244fd5ff2f0c861fae616a
                                                                                                  • Instruction ID: 34d9508a6722f49f10677526eb1b661db03e5cc8fabf653b45a137a0c847f302
                                                                                                  • Opcode Fuzzy Hash: 044f96375dc473d238ebc86c42f67734f0c522987f244fd5ff2f0c861fae616a
                                                                                                  • Instruction Fuzzy Hash: B1E0C9B4D04208EFCB84DFA9D945AADBBF4EB48304F10C0A9DC1993340D671AA51DF81
                                                                                                  Function 05BC7558 Relevance: .0, Instructions: 22COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 973e36d269bf9a94241c56fb93c5e8d8385fe98307d8817a4c136315637a31b4
                                                                                                  • Instruction ID: 0b0f27f6e6cbc699e58ffd4c3ca5c20aaf08ba78ff10219c544befc763fddc63
                                                                                                  • Opcode Fuzzy Hash: 973e36d269bf9a94241c56fb93c5e8d8385fe98307d8817a4c136315637a31b4
                                                                                                  • Instruction Fuzzy Hash: 03E0E574E04208EFCB44DFA8D944AADBBF4EB48300F10C4EDD81893340EA31AA02CF85
                                                                                                  Function 05BC8EB0 Relevance: .0, Instructions: 22COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3884e833bcc1e6144b40f85ae544dd20f6891d3834fecbd71c43cbcf292f73bc
                                                                                                  • Instruction ID: c48f372a2e6745448b94cca105fba77b064cb093882553def34f361d396a0fe6
                                                                                                  • Opcode Fuzzy Hash: 3884e833bcc1e6144b40f85ae544dd20f6891d3834fecbd71c43cbcf292f73bc
                                                                                                  • Instruction Fuzzy Hash: 61E0C274D04208EFCB44DF98D940AADBBB5EB49310F10C0EAEC5857350D632AA51DF85
                                                                                                  Function 05BC8E18 Relevance: .0, Instructions: 22COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 84e2785c7c69e1efebcae21178732e526128a7b64a3920d1028aa6578ac540a0
                                                                                                  • Instruction ID: 260708431734dd7937682472c22f1fd2fcf6ebe922f5d6a621ca08539d8dcb43
                                                                                                  • Opcode Fuzzy Hash: 84e2785c7c69e1efebcae21178732e526128a7b64a3920d1028aa6578ac540a0
                                                                                                  • Instruction Fuzzy Hash: 71E0E535908209EBCB04DF94D9449AEBBB5EB49300F10809DEC0417350D632AA61EB95
                                                                                                  Function 05BCA888 Relevance: .0, Instructions: 22COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 97f8d8e053b584df396c2300d98a0752ae9b7da721f2772758717863cb386c74
                                                                                                  • Instruction ID: 26542afa23d38869bbaf03559b9e605531c3f16feb4846997d7782cfc55eed1c
                                                                                                  • Opcode Fuzzy Hash: 97f8d8e053b584df396c2300d98a0752ae9b7da721f2772758717863cb386c74
                                                                                                  • Instruction Fuzzy Hash: 9CE068704083498FC750C798E8807B87BE0DB09311F1411DD8C588B3C2D2325903CB01
                                                                                                  Function 05BC82E9 Relevance: .0, Instructions: 22COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6ca267991ab42f6564fe34ee95c6892d6a5c1d4b238097df23aa2db883d5810b
                                                                                                  • Instruction ID: ec49f996190833adb6897dad03d2ce88bf8cecc16d8476c8890a2395ae8a3067
                                                                                                  • Opcode Fuzzy Hash: 6ca267991ab42f6564fe34ee95c6892d6a5c1d4b238097df23aa2db883d5810b
                                                                                                  • Instruction Fuzzy Hash: D4E0D87554C2C49FC751CBA4C51116C7FF09B55211F1984DD9C494B393D631AE03E745
                                                                                                  Function 05BC5E17 Relevance: .0, Instructions: 21COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 870ec5e0387601eac897ac4aad7f8c2428ee6a593671e8df0e9c4d3360eabe33
                                                                                                  • Instruction ID: 50abbe44e1b3713b038a5d3e5d6a403d56633da256a03392627a639fe555e6bb
                                                                                                  • Opcode Fuzzy Hash: 870ec5e0387601eac897ac4aad7f8c2428ee6a593671e8df0e9c4d3360eabe33
                                                                                                  • Instruction Fuzzy Hash: ACF0D434A00218CFCB20CF28D8657A9BBB1FB4A326F0040DAE519A7681D7785E848F14
                                                                                                  Function 05BC91A1 Relevance: .0, Instructions: 21COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 956ae95c34e286357eddad2f370ec9d443b444ed341178198b5a1b1f967024b0
                                                                                                  • Instruction ID: 77dfc79916933454885da44c787e5b394fa6ac88be9f547d4a71e11ddfeecdfc
                                                                                                  • Opcode Fuzzy Hash: 956ae95c34e286357eddad2f370ec9d443b444ed341178198b5a1b1f967024b0
                                                                                                  • Instruction Fuzzy Hash: 92E0263510C245DFC715CB94CD45BA97BA1EB42304F2494D8CC180B382C632BD03CF45
                                                                                                  Function 06C2FED8 Relevance: .0, Instructions: 21COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: aa723c1f7887fdf7ed7b3e8e62bb49cbe92c6faea1ccae47cec244e89b56e748
                                                                                                  • Instruction ID: efc73a8658a4d17990053feab0bc211ca6b06b2ad85f0f356eaad403cdc57239
                                                                                                  • Opcode Fuzzy Hash: aa723c1f7887fdf7ed7b3e8e62bb49cbe92c6faea1ccae47cec244e89b56e748
                                                                                                  • Instruction Fuzzy Hash: 47E04F74908218EFD754DF94D94197DBBB8AB45300F2081ADDC5457341C6319A51DBD5
                                                                                                  Function 05BCF548 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 325d7131a9cb1e006d0eeb5ffd560c65cd718d8747a0123178a6d54e639e350c
                                                                                                  • Instruction ID: 31ecf718ddfaedb7efe89e2e37bbb2b1349efc8f9d033330608a1a32f742b750
                                                                                                  • Opcode Fuzzy Hash: 325d7131a9cb1e006d0eeb5ffd560c65cd718d8747a0123178a6d54e639e350c
                                                                                                  • Instruction Fuzzy Hash: 4FE0B674914208EFC784EFA8D985AADBBF5EB48204F2084ED891997341EA32AA51CB55
                                                                                                  Function 05BC5D41 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fcc9c9efe9c356736bb0e29a03e63ba6bd7db39ad2dce2c0c63b0325afda362a
                                                                                                  • Instruction ID: 23fb8dd83d71e8566af114002359bafca58bad2f582b06e3876e757275f3e033
                                                                                                  • Opcode Fuzzy Hash: fcc9c9efe9c356736bb0e29a03e63ba6bd7db39ad2dce2c0c63b0325afda362a
                                                                                                  • Instruction Fuzzy Hash: 7BF0A5349441598BCB24CF68D8557AABEB2FB46315F4410DAE45A63281D7782A849F18
                                                                                                  Function 05BC8CC0 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e0b90a59041fb3c6c167f7e8630616b568a39174d91e8bcd3328f88b6209096f
                                                                                                  • Instruction ID: 6f4f19723a4b19eb0ef721e6365d531a375dcea003308116ac15dbdcc885b962
                                                                                                  • Opcode Fuzzy Hash: e0b90a59041fb3c6c167f7e8630616b568a39174d91e8bcd3328f88b6209096f
                                                                                                  • Instruction Fuzzy Hash: BEE04634909208EBCB04EF94D9409AEBBB6EB45300F1080EAE80423340C632AA52DB99
                                                                                                  Function 05BCEFD0 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 325d7131a9cb1e006d0eeb5ffd560c65cd718d8747a0123178a6d54e639e350c
                                                                                                  • Instruction ID: aa94f273095f59cc4f295d1fb245593024b519dfc51db19b8b97632ad0bc7652
                                                                                                  • Opcode Fuzzy Hash: 325d7131a9cb1e006d0eeb5ffd560c65cd718d8747a0123178a6d54e639e350c
                                                                                                  • Instruction Fuzzy Hash: D2E0E674904208DFD744DFA8D945A6DBBF9EB48204F1084EDD809D3341E731EE51CB55
                                                                                                  Function 05BCF3A0 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 325d7131a9cb1e006d0eeb5ffd560c65cd718d8747a0123178a6d54e639e350c
                                                                                                  • Instruction ID: 6f542324569fdd1e85c4d7d5807a34aeb846cd4ea65f6d0d6f125840bb2790a5
                                                                                                  • Opcode Fuzzy Hash: 325d7131a9cb1e006d0eeb5ffd560c65cd718d8747a0123178a6d54e639e350c
                                                                                                  • Instruction Fuzzy Hash: 85E0E675904208EFC754DFA8D95567DBBF5EB48344F1084EDC809D3341E631AE51CB95
                                                                                                  Function 06C2FB08 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: aa0e350d7da2a1f4e9e9d157088b19479e977e4c40d03e701db64496d6d9ad4f
                                                                                                  • Instruction ID: bc645cd7353747c8d63d98c8db3e103679bbd84d6abf6259dd425cfb007b0442
                                                                                                  • Opcode Fuzzy Hash: aa0e350d7da2a1f4e9e9d157088b19479e977e4c40d03e701db64496d6d9ad4f
                                                                                                  • Instruction Fuzzy Hash: ECE01A34D04208AFC744DF95D5506ACBBF4EB48200F1080EDCC1853341D6319A11DF81
                                                                                                  Function 06C28818 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: aa0e350d7da2a1f4e9e9d157088b19479e977e4c40d03e701db64496d6d9ad4f
                                                                                                  • Instruction ID: c6e9b9d2c99c93be68ddba5392c4682c46560729805c2effa687c07f52d2b9c9
                                                                                                  • Opcode Fuzzy Hash: aa0e350d7da2a1f4e9e9d157088b19479e977e4c40d03e701db64496d6d9ad4f
                                                                                                  • Instruction Fuzzy Hash: 29E01A34D05208EFC744DF95D5406ACBBF4EB48200F1080EACC5853341D6319A06DF81
                                                                                                  Function 0179CA90 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: eb21d33218dbc16c322af0a61ec44790777aa5160484885a8af0a78acc3caab8
                                                                                                  • Instruction ID: 1431c11d1178c6d4b1bdc748ec06d05d26ac4577f89e7f32ff74466a09980dd0
                                                                                                  • Opcode Fuzzy Hash: eb21d33218dbc16c322af0a61ec44790777aa5160484885a8af0a78acc3caab8
                                                                                                  • Instruction Fuzzy Hash: 12E01271801308EFDB51EFF5E914BAFBBF9EB05241F1045A5D509D3110EE314A18DBA6
                                                                                                  Function 05BC3580 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction ID: e0c1ee02984f9ee5a5ad1ca0049b729eb976c6fb92f4770273294c79e96ff82b
                                                                                                  • Opcode Fuzzy Hash: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction Fuzzy Hash: C6E08C38908308DBCB04DF94D94896DBBF4EB49301F50D4ECC81813340C632AE02CB95
                                                                                                  Function 05BC7D78 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 039e2481a4690576d9cce1eadb5db284aa08e08192807da03a78fa8577e70596
                                                                                                  • Instruction ID: 2b61a80faf9c826b66cc5fe02c147d6f16bfb286e50dc592ac08201b4a9768c9
                                                                                                  • Opcode Fuzzy Hash: 039e2481a4690576d9cce1eadb5db284aa08e08192807da03a78fa8577e70596
                                                                                                  • Instruction Fuzzy Hash: B3E01272841308AFDB55EFF5E904AAFB7E8DB45240F0044E9840593110EE315A14ABEA
                                                                                                  Function 05BC3CC0 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction ID: 03b4e9d17c238b51010dcd3c2ba68d090755e01f05e1e944eb358dba5ed6a97b
                                                                                                  • Opcode Fuzzy Hash: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction Fuzzy Hash: 2FE0EC34A08308DBC704DB94D94596EBBF5EB45304F60D5EDD80927341D632AE52DB95
                                                                                                  Function 05BC1FE8 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction ID: 0975277e776550e9104fde4333d76834b6a7cf5a631f27289050a9b59d354c50
                                                                                                  • Opcode Fuzzy Hash: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction Fuzzy Hash: EEE0EC38908208DFD708DF94D95597DFBB9EB45304F1091EDC84917341DB32AE52DB95
                                                                                                  Function 05BCCF1A Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b1fa29885ae6ad9080a828ab9ef436541f5584a7316784da2daf3980d8668b32
                                                                                                  • Instruction ID: 0b45bc4cbf7a2ed79c49fb9e3def78e03bfb253f64df71df887b89351fb0b473
                                                                                                  • Opcode Fuzzy Hash: b1fa29885ae6ad9080a828ab9ef436541f5584a7316784da2daf3980d8668b32
                                                                                                  • Instruction Fuzzy Hash: 5DF0A578A05229CFDB10DF20D8887EEBBB2FB45301F4081EA944967390DB345E85CF01
                                                                                                  Function 05BC8F48 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction ID: 1eb7f3db3a84d5927b298f35a0a214041a7465b8387f5f48e1ad7c2b042710f6
                                                                                                  • Opcode Fuzzy Hash: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction Fuzzy Hash: 90E01234908208DFC704DF94D9459BDBBB9EB45305F1095EDD80927341DA32AE52DB95
                                                                                                  Function 05BCBEE9 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ab5016aa7e2dfa00acc2f45bb8157ea144f52e6ef1306ddd346b8ceb055662e6
                                                                                                  • Instruction ID: 1c1fa7aa61a56f80d5f13fcd7f65656de49f39f7c6cdb9744918b130ac349f78
                                                                                                  • Opcode Fuzzy Hash: ab5016aa7e2dfa00acc2f45bb8157ea144f52e6ef1306ddd346b8ceb055662e6
                                                                                                  • Instruction Fuzzy Hash: E6F0DF789013598FCB21DF24D88CAECBBB1FB44316F1082E9940966252CB384A89CF04
                                                                                                  Function 05BC91B0 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction ID: 201513000e2710c85ff5f676067c0c3927efd53bbd1069179be5d9353b9869ed
                                                                                                  • Opcode Fuzzy Hash: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction Fuzzy Hash: 95E08C34908208EBC704DB94D94596DBBB4EB45300F2080ECC81813340C632AE02CB85
                                                                                                  Function 05BC0108 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction ID: 887bf19eb0d9f08e4841803a8dc7a3e6e727380d4cc88033e9628230b9f3065f
                                                                                                  • Opcode Fuzzy Hash: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction Fuzzy Hash: 7CE0123490820CEFCB04EF94E9859BDFBB9EB45305F2091EDD80917341DA32AE52DB95
                                                                                                  Function 05BC0940 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction ID: 803426c452713530194fc5b9c3ebfd6c147d16f545a7e89dd9a63dfe3cef5307
                                                                                                  • Opcode Fuzzy Hash: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction Fuzzy Hash: 77E08C34908208DBCB04EB98D948A6DBBB4EB45300F1081ECC80817340C672AE02DB89
                                                                                                  Function 05BC1018 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction ID: 850e69624e66b3eb3afb6d3b339f7c9e6ac450883175fc091f92a247c00b2271
                                                                                                  • Opcode Fuzzy Hash: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction Fuzzy Hash: 97E01234948208DFC704DF98D94597DBBB9EB45304F6091EDC80927351DA32AE52DB99
                                                                                                  Function 05BCA808 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fbea3f94b6ac7e54ce587e72d64d4440fdb636d3a6fa0e4220d65192aa37e131
                                                                                                  • Instruction ID: af63bac8612c85ab269949e5f05890827eba98b231602f736344293f4f047aec
                                                                                                  • Opcode Fuzzy Hash: fbea3f94b6ac7e54ce587e72d64d4440fdb636d3a6fa0e4220d65192aa37e131
                                                                                                  • Instruction Fuzzy Hash: F8E0C2B8849208CFD710CB90EF51B75BBB0EB49305F1454ED880917382E6329D43CB85
                                                                                                  Function 05BC2A40 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction ID: e37af48f50fe644fec9f867f8bb85af44c9d1a67d78f0a213d282aa49866461d
                                                                                                  • Opcode Fuzzy Hash: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction Fuzzy Hash: 99E0C238908208DFCB14DF94D940A7EFBB4EB45300F1090ECD80813341C632AE02DF85
                                                                                                  Function 05BC9A40 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction ID: dccf19648e06cde542f6d60b7feed23a05a706a1b552ffba00df3a5e05b4387c
                                                                                                  • Opcode Fuzzy Hash: 063fbf2a1563cb48bd34818509c49df98cf191cd54e4662f1fe80d7f2ca34d5d
                                                                                                  • Instruction Fuzzy Hash: 74E01234A08208DFDB04DF94D945A7DBBB5EB46304F1091EDD81917341D632BE52DF95
                                                                                                  Function 06C2DEB8 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 783620ba194e59e4ffa6784c769627cb047807b1b8e3da123ffbf7da3e5c77f4
                                                                                                  • Instruction ID: 3e1e21cf966ba02505c074f23ca12abe66d92c1752b30659ce6f6b2ff180848e
                                                                                                  • Opcode Fuzzy Hash: 783620ba194e59e4ffa6784c769627cb047807b1b8e3da123ffbf7da3e5c77f4
                                                                                                  • Instruction Fuzzy Hash: 94E0EC38908208DFC754DF94D94596DFBB8EB55314F1091ADCC0927341DA32AE52DB95
                                                                                                  Function 06C2B248 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d87d1e247b27fa8430efbb8383aadb883eed0e8fc54913b981cc0be5f5c613f8
                                                                                                  • Instruction ID: 79f9f97aebdd9570d5b38e66d28968cf11c52c13b3fd6ac9ecf8834dddeac3ac
                                                                                                  • Opcode Fuzzy Hash: d87d1e247b27fa8430efbb8383aadb883eed0e8fc54913b981cc0be5f5c613f8
                                                                                                  • Instruction Fuzzy Hash: EAE01272841309EFCB55EFB5E904A9FB7E8DF45240F0048A5840597150EA714A14ABA6
                                                                                                  Function 05BC82F8 Relevance: .0, Instructions: 18COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d087319cf05b48a87a0fb72127739538c45513a580407d62d4ec7d348a111ebc
                                                                                                  • Instruction ID: f474f2ba88bae85bcf9ef04a2b637c484fb1ad7d948be7279259a12311b12a1c
                                                                                                  • Opcode Fuzzy Hash: d087319cf05b48a87a0fb72127739538c45513a580407d62d4ec7d348a111ebc
                                                                                                  • Instruction Fuzzy Hash: 13E0C230808208DFC740DBA4C94067CBFF8EB45600F1080EDE84853381D732AE01DB55
                                                                                                  Function 05BCB673 Relevance: .0, Instructions: 14COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 33849dee3e5e275dc3dd4989b026a20c08bd74356a05e60459f4f3dd32f07dcc
                                                                                                  • Instruction ID: 46878f24137332fa11e9b8e41500d6093e2d3929e79b5e5204b3028ea84cac38
                                                                                                  • Opcode Fuzzy Hash: 33849dee3e5e275dc3dd4989b026a20c08bd74356a05e60459f4f3dd32f07dcc
                                                                                                  • Instruction Fuzzy Hash: 6AE017396001089BDF02CFC4DC48ADE7B73FF4D311F008048E5096B298C7799944DB44
                                                                                                  Function 06C2E320 Relevance: .0, Instructions: 12COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f779990bbec0407948ab7033a63e4487c5f9c56491b97d0a41b22135ad55bc38
                                                                                                  • Instruction ID: f2e94c8edd5caa9c88c3261053804ac239edd9c3136eecb2222a579a0094c7a1
                                                                                                  • Opcode Fuzzy Hash: f779990bbec0407948ab7033a63e4487c5f9c56491b97d0a41b22135ad55bc38
                                                                                                  • Instruction Fuzzy Hash: 13C08C3004A3068BE2605242A80CF3677DCA30A202F406828D80C120220A604010CAE6
                                                                                                  Function 0179C880 Relevance: .0, Instructions: 11COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579664725.0000000001790000.00000040.00000800.00020000.00000000.sdmp, Offset: 01790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1790000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ffa275ea498ec31b8c39266347cbcbd9aa69fb2ca5e65e4cbe1d7f28817ba666
                                                                                                  • Instruction ID: 687b9ad60fba5998cbd93da04206abc8f83dbd0a41a1d14fee731ec9e97e705f
                                                                                                  • Opcode Fuzzy Hash: ffa275ea498ec31b8c39266347cbcbd9aa69fb2ca5e65e4cbe1d7f28817ba666
                                                                                                  • Instruction Fuzzy Hash: 86C08C310413048FD7A47BA4FD0EB3E7EA8AB00202F008064E50C051104F719014EFAB

                                                                                                  Non-executed Functions

                                                                                                  Function 06C2E350 Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Wzb
                                                                                                  • API String ID: 0-2715965760
                                                                                                  • Opcode ID: 1441ee8ac0104082f6380338be83f223bdc307385aa6f054dd3a625c38aeca4a
                                                                                                  • Instruction ID: 4a5922aad490bbefae8ff5fc2de835c5bc86d3aed57496dbf738a74bdb1ccbb1
                                                                                                  • Opcode Fuzzy Hash: 1441ee8ac0104082f6380338be83f223bdc307385aa6f054dd3a625c38aeca4a
                                                                                                  • Instruction Fuzzy Hash: 6E71D774A05218DFDB94CF29E855BADBBF1FB08315F4180AAD80AA7391DB359E80CF51
                                                                                                  Function 06C10007 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: h
                                                                                                  • API String ID: 0-2439710439
                                                                                                  • Opcode ID: e9537be8e4ce9c1f2104f261f841a3d80719be14b2b604621a8b13dbb064c532
                                                                                                  • Instruction ID: e822c5a417d35279a2e286a33516812de7a994f050c8b8a5d1b435f7b7a2ba96
                                                                                                  • Opcode Fuzzy Hash: e9537be8e4ce9c1f2104f261f841a3d80719be14b2b604621a8b13dbb064c532
                                                                                                  • Instruction Fuzzy Hash: 05313271D097948FE72ACF66C84429ABFF2BF86300F14C1EAD448AB165D7350A86DF11
                                                                                                  Function 06C10040 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: h
                                                                                                  • API String ID: 0-2439710439
                                                                                                  • Opcode ID: 8af85406637f956e43866e0733f839f104036321cb3fc3db86d78a79e53b4893
                                                                                                  • Instruction ID: f43f43e4160c66fb29ee5ef2b1b1c1620eed60a274550bbcffee51a4c8cc0a6f
                                                                                                  • Opcode Fuzzy Hash: 8af85406637f956e43866e0733f839f104036321cb3fc3db86d78a79e53b4893
                                                                                                  • Instruction Fuzzy Hash: B0310971E096198FEB68CF5AC94869AB7F7FFC9300F10D0EAD508A7254DB384A858F11
                                                                                                  Function 02FD6A21 Relevance: .3, Instructions: 284COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c5b1410e94a185a7a04427457acd3205c20a14b43d7835bcd4df5dcfafb6735b
                                                                                                  • Instruction ID: ea5fc915a2b0cee998a8171fbac50f9fb8d2b7e828d7a7a0293da75d073a58f8
                                                                                                  • Opcode Fuzzy Hash: c5b1410e94a185a7a04427457acd3205c20a14b43d7835bcd4df5dcfafb6735b
                                                                                                  • Instruction Fuzzy Hash: 2DC12770E04208CFDB54DFA9E888BADBBB6FB49305F14806AD50AA7294DB785D85CF44
                                                                                                  Function 02FD6A30 Relevance: .3, Instructions: 283COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ecb45309f9aaf7cef914161ba681778d03340dba2286aa09c83984aa6a84d07a
                                                                                                  • Instruction ID: f0905080ab08794ea15fde3cf782ce8777999862ec79fd5fa837b160dbca3297
                                                                                                  • Opcode Fuzzy Hash: ecb45309f9aaf7cef914161ba681778d03340dba2286aa09c83984aa6a84d07a
                                                                                                  • Instruction Fuzzy Hash: E8C13870F04208CFDB14DFA9E888BADBBB6FB49305F14806AD50AA7294CB785D85CF44
                                                                                                  Function 02FD7069 Relevance: .2, Instructions: 246COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fae530cff2ded37ebed6ba32efa05701f9d990bd2ded84c56bca7d094f23ed41
                                                                                                  • Instruction ID: dc20a2bfe406f1a273b52345b451f1b4a7a0bb77ae4e2b3e8a8d0d026b70be30
                                                                                                  • Opcode Fuzzy Hash: fae530cff2ded37ebed6ba32efa05701f9d990bd2ded84c56bca7d094f23ed41
                                                                                                  • Instruction Fuzzy Hash: 8EA14770E04208CFDB04EFA9E888BAEB7B2FB89741F548169E505AB294CB785D41CF54
                                                                                                  Function 05BC0971 Relevance: .2, Instructions: 229COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: da515359e6e83c93372bdfc795ec4538391e1fcc2c0dfbfd0b1316a6d5c31703
                                                                                                  • Instruction ID: 01c313bf9fec6bd43a063af3b862e5dd9188bca5715b75d8c4a8e8abba10621a
                                                                                                  • Opcode Fuzzy Hash: da515359e6e83c93372bdfc795ec4538391e1fcc2c0dfbfd0b1316a6d5c31703
                                                                                                  • Instruction Fuzzy Hash: 32A10374E45218CFDB54DF69E888BADBBF2FB49311F1080AAE819A7340DB746985CF04
                                                                                                  Function 05BC0980 Relevance: .2, Instructions: 228COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1d71da840c5817a916281a4b6068bdee2a09a53ab30b293b7de3d80d9b8421e2
                                                                                                  • Instruction ID: 2a5cbde9d6dc58123d919cae8e0b3f368cad694fcbf278997e6649710ca5002d
                                                                                                  • Opcode Fuzzy Hash: 1d71da840c5817a916281a4b6068bdee2a09a53ab30b293b7de3d80d9b8421e2
                                                                                                  • Instruction Fuzzy Hash: 13A1F374E45218CFDB14DF69E888BAEBBF2FB49311F1080A9E819A7340DB746985CF04
                                                                                                  Function 02FD7078 Relevance: .2, Instructions: 226COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c8cec71ad9a7be2e022e42119d747a78b3c20ac4189ab6656c6f158f5729f376
                                                                                                  • Instruction ID: 2f25adea5e9073cb6eee1459194e73d88981a872d3b7760285f229eb1fa4baf4
                                                                                                  • Opcode Fuzzy Hash: c8cec71ad9a7be2e022e42119d747a78b3c20ac4189ab6656c6f158f5729f376
                                                                                                  • Instruction Fuzzy Hash: 8D912874F04208CFDB44EFA9E888BAEB7B2FB89705F148129E515AB394CB785941CF44
                                                                                                  Function 05BC0D2E Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1594525500.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5bc0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 99d4d662a4a1dbadfc7f8c3a907b938b40ed8541c585348af52553276abda625
                                                                                                  • Instruction ID: e2df4b0c1e32c7b8801b969498e1226e8fcd54c23bb36184d09da59b43f90a3e
                                                                                                  • Opcode Fuzzy Hash: 99d4d662a4a1dbadfc7f8c3a907b938b40ed8541c585348af52553276abda625
                                                                                                  • Instruction Fuzzy Hash: 4A91E274E45208CFDB14DF69D888BADBBF2FB49311F1080A9D809A7251DB74AA85CF08
                                                                                                  Function 06C2DEF8 Relevance: .2, Instructions: 208COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1605598655.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c10000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5a78a3fcaca7fd988d5cadf6091fadd996451821d026cff420e78c70c35a6440
                                                                                                  • Instruction ID: c917cbd1485be348ab5c85b452fdf7e06322b30bb1105e5f03b1758b0bdbd388
                                                                                                  • Opcode Fuzzy Hash: 5a78a3fcaca7fd988d5cadf6091fadd996451821d026cff420e78c70c35a6440
                                                                                                  • Instruction Fuzzy Hash: 02912970D05229CFEBA4DF69C844BAEBBF1BF49300F1080A9D80AB7241DB745A86CF55
                                                                                                  Function 02FD1B91 Relevance: .1, Instructions: 68COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1e19ffd91d6bb5856e9978ad7d565f8575c018979b825e3a79d85c9210d1e0cf
                                                                                                  • Instruction ID: 60980996e725f97749029783527948004f81212f6470f1d90889fe61f0bd5ef2
                                                                                                  • Opcode Fuzzy Hash: 1e19ffd91d6bb5856e9978ad7d565f8575c018979b825e3a79d85c9210d1e0cf
                                                                                                  • Instruction Fuzzy Hash: 9D21FEB5D042189FDB14DFA9D980AEEFBF1FB49320F14941AE818B7250C735A901CFA9
                                                                                                  Function 02FD1B98 Relevance: .1, Instructions: 66COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1579906262.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_2fd0000_jbuESggTv0.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 17f020d56b349b9580a4f49a1f85336728a062f872cd4e8288081f2f67e5e914
                                                                                                  • Instruction ID: 7d2dc3ce3f66fadf1b300fd3d912d536e62401111ef674bdbe8acc56bc108252
                                                                                                  • Opcode Fuzzy Hash: 17f020d56b349b9580a4f49a1f85336728a062f872cd4e8288081f2f67e5e914
                                                                                                  • Instruction Fuzzy Hash: D121FEB5D042189FDB14DFA9D980AEEFBF1BB49310F14941AE818B7300C735A901CFA8

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:11.8%
                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                  Signature Coverage:21.1%
                                                                                                  Total number of Nodes:19
                                                                                                  Total number of Limit Nodes:0
                                                                                                  execution_graph 24899 289cee8 24900 289cef4 24899->24900 24904 65a8608 24900->24904 24909 65a8602 24900->24909 24901 289d0c7 24905 65a862a 24904->24905 24906 65a873c 24905->24906 24914 5648174 24905->24914 24918 5647d90 24905->24918 24906->24901 24910 65a862a 24909->24910 24911 65a873c 24910->24911 24912 5648174 LdrInitializeThunk 24910->24912 24913 5647d90 LdrInitializeThunk 24910->24913 24911->24901 24912->24911 24913->24911 24916 564802b 24914->24916 24915 56482b1 LdrInitializeThunk 24917 56482c9 24915->24917 24916->24915 24917->24906 24919 5647dc1 24918->24919 24920 5647f21 24919->24920 24921 56482b1 LdrInitializeThunk 24919->24921 24920->24906 24921->24920

                                                                                                  Executed Functions

                                                                                                  Function 02896748 Relevance: 5.5, Strings: 4, Instructions: 451COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 146 2896748-289677e 273 2896780 call 2896748 146->273 274 2896780 call 2896898 146->274 275 2896780 call 2896120 146->275 147 2896786-289678c 148 28967dc-28967e0 147->148 149 289678e-2896792 147->149 150 28967e2-28967f1 148->150 151 28967f7-289680b 148->151 152 28967a1-28967a8 149->152 153 2896794-2896799 149->153 154 289681d-2896827 150->154 155 28967f3-28967f5 150->155 156 2896813-289681a 151->156 270 289680d call 2899868 151->270 271 289680d call 2899861 151->271 157 289687e-28968bb 152->157 158 28967ae-28967b5 152->158 153->152 159 2896829-289682f 154->159 160 2896831-2896835 154->160 155->156 168 28968bd-28968c3 157->168 169 28968c6-28968e6 157->169 158->148 161 28967b7-28967bb 158->161 162 289683d-2896877 159->162 160->162 164 2896837 160->164 165 28967ca-28967d1 161->165 166 28967bd-28967c2 161->166 162->157 164->162 165->157 167 28967d7-28967da 165->167 166->165 167->156 168->169 174 28968e8 169->174 175 28968ed-28968f4 169->175 177 2896c7c-2896c85 174->177 178 28968f6-2896901 175->178 179 2896c8d-2896cb6 178->179 180 2896907-289691a 178->180 185 289691c-289692a 180->185 186 2896930-289694b 180->186 185->186 189 2896c04-2896c0b 185->189 190 289694d-2896953 186->190 191 289696f-2896972 186->191 189->177 194 2896c0d-2896c0f 189->194 192 289695c-289695f 190->192 193 2896955 190->193 195 2896978-289697b 191->195 196 2896acc-2896ad2 191->196 198 2896992-2896998 192->198 199 2896961-2896964 192->199 193->192 193->196 197 2896bbe-2896bc1 193->197 193->198 200 2896c1e-2896c24 194->200 201 2896c11-2896c16 194->201 195->196 203 2896981-2896987 195->203 196->197 202 2896ad8-2896add 196->202 208 2896c88 197->208 209 2896bc7-2896bcd 197->209 210 289699a-289699c 198->210 211 289699e-28969a0 198->211 204 289696a 199->204 205 28969fe-2896a04 199->205 200->179 206 2896c26-2896c2b 200->206 201->200 202->197 203->196 207 289698d 203->207 204->197 205->197 214 2896a0a-2896a10 205->214 212 2896c2d-2896c32 206->212 213 2896c70-2896c73 206->213 207->197 208->179 215 2896bcf-2896bd7 209->215 216 2896bf2-2896bf6 209->216 217 28969aa-28969b3 210->217 211->217 212->208 219 2896c34 212->219 213->208 218 2896c75-2896c7a 213->218 220 2896a12-2896a14 214->220 221 2896a16-2896a18 214->221 215->179 222 2896bdd-2896bec 215->222 216->189 225 2896bf8-2896bfe 216->225 223 28969b5-28969c0 217->223 224 28969c6-28969ee 217->224 218->177 218->194 226 2896c3b-2896c40 219->226 227 2896a22-2896a39 220->227 221->227 222->186 222->216 223->197 223->224 245 2896ae2-2896b18 224->245 246 28969f4-28969f9 224->246 225->178 225->189 229 2896c62-2896c64 226->229 230 2896c42-2896c44 226->230 237 2896a3b-2896a54 227->237 238 2896a64-2896a8b 227->238 229->208 233 2896c66-2896c69 229->233 234 2896c53-2896c59 230->234 235 2896c46-2896c4b 230->235 233->213 234->179 240 2896c5b-2896c60 234->240 235->234 237->245 249 2896a5a-2896a5f 237->249 238->208 251 2896a91-2896a94 238->251 240->229 241 2896c36-2896c39 240->241 241->208 241->226 252 2896b1a-2896b1e 245->252 253 2896b25-2896b2d 245->253 246->245 249->245 251->208 254 2896a9a-2896ac3 251->254 255 2896b3d-2896b41 252->255 256 2896b20-2896b23 252->256 253->208 257 2896b33-2896b38 253->257 254->245 269 2896ac5-2896aca 254->269 258 2896b60-2896b64 255->258 259 2896b43-2896b49 255->259 256->253 256->255 257->197 261 2896b6e-2896b8d call 2896e70 258->261 262 2896b66-2896b6c 258->262 259->258 263 2896b4b-2896b53 259->263 266 2896b93-2896b97 261->266 262->261 262->266 263->208 264 2896b59-2896b5e 263->264 264->197 266->197 267 2896b99-2896bb5 266->267 267->197 269->245 270->156 271->156 273->147 274->147 275->147
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq$(oq$,q$,q
                                                                                                  • API String ID: 0-620556200
                                                                                                  • Opcode ID: 6220e641b9a0a9cf4efedd599de809d260d43807b8a15b120729cf014ff5fb11
                                                                                                  • Instruction ID: 7b473bda53b41313eedb090101d86b96a67c69b640fac30d27f71d8037808ca0
                                                                                                  • Opcode Fuzzy Hash: 6220e641b9a0a9cf4efedd599de809d260d43807b8a15b120729cf014ff5fb11
                                                                                                  • Instruction Fuzzy Hash: E2024E38A00129DFDF15CF69C984AADBBBAFF89304F188069E415EB2A1E734D851CF50
                                                                                                  Function 02899868 Relevance: 3.4, Strings: 2, Instructions: 857COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq$4'q
                                                                                                  • API String ID: 0-1336004174
                                                                                                  • Opcode ID: e68151ceae233dad663d50ea2e7fe4d9a1cace5ac1bf8241be1738a0b82beb8f
                                                                                                  • Instruction ID: 4945a1ba173e9224096e7cee8302e8e464cb49b4dca7c4f3f9270e64ce90fb28
                                                                                                  • Opcode Fuzzy Hash: e68151ceae233dad663d50ea2e7fe4d9a1cace5ac1bf8241be1738a0b82beb8f
                                                                                                  • Instruction Fuzzy Hash: 9A724F79A00209DFCF19CF68C984AAEBBF2FF48314F198559E40ADB2A5D730E951CB51
                                                                                                  Function 02896120 Relevance: 3.0, Strings: 2, Instructions: 509COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq$Hq
                                                                                                  • API String ID: 0-2917151738
                                                                                                  • Opcode ID: 6383682bc06a53f2e98ee926116c77cb051eec4c78e947f8e6108dc30667aee0
                                                                                                  • Instruction ID: e113f9496e49833d95c3d654f5d833fe83eea9feabd9c3081b20d7679fa0ec8f
                                                                                                  • Opcode Fuzzy Hash: 6383682bc06a53f2e98ee926116c77cb051eec4c78e947f8e6108dc30667aee0
                                                                                                  • Instruction Fuzzy Hash: DE127178E002199FDB15DFA9C854BAEBBFABF88304F188559E419DB395EB309C41CB50
                                                                                                  Function 0289B338 Relevance: 2.9, Strings: 2, Instructions: 354COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1938 289b338-289b34b 1939 289b48a-289b491 1938->1939 1940 289b351-289b35a 1938->1940 1941 289b360-289b364 1940->1941 1942 289b494 1940->1942 1943 289b37e-289b385 1941->1943 1944 289b366 1941->1944 1945 289b499-289b4c0 1942->1945 1943->1939 1947 289b38b-289b398 1943->1947 1946 289b369-289b374 1944->1946 1953 289b4ec 1945->1953 1954 289b4c2-289b4da 1945->1954 1946->1942 1948 289b37a-289b37c 1946->1948 1947->1939 1952 289b39e-289b3b1 1947->1952 1948->1943 1948->1946 1955 289b3b3 1952->1955 1956 289b3b6-289b3be 1952->1956 1959 289b4ee-289b4f2 1953->1959 1968 289b4dc-289b4e1 1954->1968 1969 289b4e3-289b4e6 1954->1969 1955->1956 1957 289b42b-289b42d 1956->1957 1958 289b3c0-289b3c6 1956->1958 1957->1939 1960 289b42f-289b435 1957->1960 1958->1957 1961 289b3c8-289b3ce 1958->1961 1960->1939 1963 289b437-289b441 1960->1963 1961->1945 1964 289b3d4-289b3ec 1961->1964 1963->1945 1965 289b443-289b45b 1963->1965 1976 289b419-289b41c 1964->1976 1977 289b3ee-289b3f4 1964->1977 1980 289b45d-289b463 1965->1980 1981 289b480-289b483 1965->1981 1968->1959 1970 289b4e8-289b4ea 1969->1970 1971 289b4f3-289b50e 1969->1971 1970->1953 1970->1954 1978 289b510-289b511 1971->1978 1979 289b512-289b530 1971->1979 1976->1942 1983 289b41e-289b421 1976->1983 1977->1945 1982 289b3fa-289b40e 1977->1982 1978->1979 1985 289b532 1979->1985 1986 289b537-289b614 call 2893908 call 2893428 1979->1986 1980->1945 1984 289b465-289b479 1980->1984 1981->1942 1987 289b485-289b488 1981->1987 1982->1945 1991 289b414 1982->1991 1983->1942 1988 289b423-289b429 1983->1988 1984->1945 1993 289b47b 1984->1993 1985->1986 2002 289b61b-289b63c call 2894dd0 1986->2002 2003 289b616 1986->2003 1987->1939 1987->1963 1988->1957 1988->1958 1991->1976 1993->1981 2005 289b641-289b64c 2002->2005 2003->2002 2006 289b64e 2005->2006 2007 289b653-289b657 2005->2007 2006->2007 2008 289b659-289b65a 2007->2008 2009 289b65c-289b663 2007->2009 2010 289b67b-289b6bf 2008->2010 2011 289b66a-289b678 2009->2011 2012 289b665 2009->2012 2016 289b725-289b73c 2010->2016 2011->2010 2012->2011 2018 289b73e-289b763 2016->2018 2019 289b6c1-289b6d7 2016->2019 2025 289b77b 2018->2025 2026 289b765-289b77a 2018->2026 2023 289b6d9-289b6e5 2019->2023 2024 289b701 2019->2024 2027 289b6ef-289b6f5 2023->2027 2028 289b6e7-289b6ed 2023->2028 2029 289b707-289b724 2024->2029 2032 289b77c 2025->2032 2026->2025 2030 289b6ff 2027->2030 2028->2030 2029->2016 2030->2029 2032->2032
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 913c05c6c51a050c9ec6e89106424102b9edb506f55b2b8235bc8d04bab46dfa
                                                                                                  • Instruction ID: 3c4bd62530e3626a8de4849ed2d85a050aa13b29d6f2bad74bf09ecc27dce694
                                                                                                  • Opcode Fuzzy Hash: 913c05c6c51a050c9ec6e89106424102b9edb506f55b2b8235bc8d04bab46dfa
                                                                                                  • Instruction Fuzzy Hash: FCE1F878E00218DFDB15CFA9D984A9DBBB2BF49314F19C069E819EB361D731A841DF50
                                                                                                  Function 0289B7E2 Relevance: 2.7, Strings: 2, Instructions: 198COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2464 289b7e2-289b7e5 2465 289b780-289b781 2464->2465 2466 289b7e7-289b7e9 2464->2466 2467 289b784-289b7d2 2465->2467 2466->2467 2468 289b7eb-289b7ee 2466->2468 2470 289b7f0-289b7f1 2468->2470 2471 289b7f2-289b810 2468->2471 2470->2471 2472 289b812 2471->2472 2473 289b817-289b8f4 call 2893908 call 2893428 2471->2473 2472->2473 2483 289b8fb-289b91c call 2894dd0 2473->2483 2484 289b8f6 2473->2484 2486 289b921-289b92c 2483->2486 2484->2483 2487 289b92e 2486->2487 2488 289b933-289b937 2486->2488 2487->2488 2489 289b939-289b93a 2488->2489 2490 289b93c-289b943 2488->2490 2491 289b95b-289b99f 2489->2491 2492 289b94a-289b958 2490->2492 2493 289b945 2490->2493 2497 289ba05-289ba1c 2491->2497 2492->2491 2493->2492 2499 289ba1e-289ba43 2497->2499 2500 289b9a1-289b9b7 2497->2500 2506 289ba5b 2499->2506 2507 289ba45-289ba5a 2499->2507 2504 289b9b9-289b9c5 2500->2504 2505 289b9e1 2500->2505 2508 289b9cf-289b9d5 2504->2508 2509 289b9c7-289b9cd 2504->2509 2510 289b9e7-289ba04 2505->2510 2512 289ba5c 2506->2512 2507->2506 2511 289b9df 2508->2511 2509->2511 2510->2497 2511->2510 2512->2512
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: f77b4275e54de58a628d5802c0760a1aa6e7493cc2753086a06c43a97b14fc39
                                                                                                  • Instruction ID: 027a1e6c58316025e55937857af1f24f82b1ae0b754b5c2e3f6056403de8f304
                                                                                                  • Opcode Fuzzy Hash: f77b4275e54de58a628d5802c0760a1aa6e7493cc2753086a06c43a97b14fc39
                                                                                                  • Instruction Fuzzy Hash: 7391A278E002189FDF14DFA9D984B9DBBF2BF89314F148069E409AB365EB305942CF11
                                                                                                  Function 0289BAC0 Relevance: 2.7, Strings: 2, Instructions: 195COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2516 289bac0-289bac1 2517 289ba5c 2516->2517 2518 289bac3-289bac5 2516->2518 2517->2517 2519 289ba60-289bab2 2518->2519 2520 289bac7-289baf0 2518->2520 2521 289baf2 2520->2521 2522 289baf7-289bbd4 call 2893908 call 2893428 2520->2522 2521->2522 2533 289bbdb-289bbfc call 2894dd0 2522->2533 2534 289bbd6 2522->2534 2536 289bc01-289bc0c 2533->2536 2534->2533 2537 289bc0e 2536->2537 2538 289bc13-289bc17 2536->2538 2537->2538 2539 289bc19-289bc1a 2538->2539 2540 289bc1c-289bc23 2538->2540 2541 289bc3b-289bc7f 2539->2541 2542 289bc2a-289bc38 2540->2542 2543 289bc25 2540->2543 2547 289bce5-289bcfc 2541->2547 2542->2541 2543->2542 2549 289bcfe-289bd23 2547->2549 2550 289bc81-289bc97 2547->2550 2557 289bd3b 2549->2557 2558 289bd25-289bd3a 2549->2558 2554 289bc99-289bca5 2550->2554 2555 289bcc1 2550->2555 2559 289bcaf-289bcb5 2554->2559 2560 289bca7-289bcad 2554->2560 2556 289bcc7-289bce4 2555->2556 2556->2547 2558->2557 2561 289bcbf 2559->2561 2560->2561 2561->2556
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: a0070240d338ae33ed2ee0e83f23ef08cb3090bd589edd786f2588e0a79d66ad
                                                                                                  • Instruction ID: de8b47217400d3e91ffb98be470741e3c18e2fa00f466c569d5e51fc09841659
                                                                                                  • Opcode Fuzzy Hash: a0070240d338ae33ed2ee0e83f23ef08cb3090bd589edd786f2588e0a79d66ad
                                                                                                  • Instruction Fuzzy Hash: 1B919278E00218DFEB14DFA9D984A9DBBF2BF89304F188469D419AB365DB309942CF51
                                                                                                  Function 0289BDA0 Relevance: 2.7, Strings: 2, Instructions: 195COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2565 289bda0-289bda5 2566 289bd40-289bd92 2565->2566 2567 289bda7-289bdae 2565->2567 2568 289bdb0-289bdb1 2567->2568 2569 289bdb2-289bdd0 2567->2569 2568->2569 2571 289bdd2 2569->2571 2572 289bdd7-289beb4 call 2893908 call 2893428 2569->2572 2571->2572 2582 289bebb-289bedc call 2894dd0 2572->2582 2583 289beb6 2572->2583 2585 289bee1-289beec 2582->2585 2583->2582 2586 289beee 2585->2586 2587 289bef3-289bef7 2585->2587 2586->2587 2588 289bef9-289befa 2587->2588 2589 289befc-289bf03 2587->2589 2590 289bf1b-289bf5f 2588->2590 2591 289bf0a-289bf18 2589->2591 2592 289bf05 2589->2592 2596 289bfc5-289bfdc 2590->2596 2591->2590 2592->2591 2598 289bfde-289c003 2596->2598 2599 289bf61-289bf77 2596->2599 2606 289c01b 2598->2606 2607 289c005-289c01a 2598->2607 2603 289bf79-289bf85 2599->2603 2604 289bfa1 2599->2604 2608 289bf8f-289bf95 2603->2608 2609 289bf87-289bf8d 2603->2609 2605 289bfa7-289bfc4 2604->2605 2605->2596 2607->2606 2610 289bf9f 2608->2610 2609->2610 2610->2605
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 70d1ad18374616131db7c226b377f079799f143bf0ac1b82c1d7f720cdf1fb24
                                                                                                  • Instruction ID: 8d4344f3833341b5edd559236263ea48abb6a0012db858ac0d5394abe9256471
                                                                                                  • Opcode Fuzzy Hash: 70d1ad18374616131db7c226b377f079799f143bf0ac1b82c1d7f720cdf1fb24
                                                                                                  • Instruction Fuzzy Hash: 26918078E00618DFDB14DFAAD984B9DBBF2BF88314F188069E419AB365DB309941CF51
                                                                                                  Function 065A8C51 Relevance: 2.7, Strings: 2, Instructions: 189COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2614 65a8c51-65a8c88 2615 65a8c8a 2614->2615 2616 65a8c8f-65a8d33 2614->2616 2615->2616 2620 65a8d41-65a8d92 2616->2620 2621 65a8d35-65a8d3c 2616->2621 2629 65a8e64 2620->2629 2622 65a8f9c-65a8fba 2621->2622 2630 65a8e6d-65a8e7b 2629->2630 2631 65a8e81-65a8ea6 2630->2631 2632 65a8d97-65a8dc4 2630->2632 2636 65a8ea8-65a8ebd 2631->2636 2637 65a8ebe 2631->2637 2639 65a8dc6-65a8dcf 2632->2639 2640 65a8de5 2632->2640 2636->2637 2637->2622 2643 65a8dd1-65a8dd4 2639->2643 2644 65a8dd6-65a8dd9 2639->2644 2641 65a8de8-65a8e09 2640->2641 2648 65a8e0b-65a8e61 2641->2648 2649 65a8e62-65a8e63 2641->2649 2645 65a8de3 2643->2645 2644->2645 2645->2641 2648->2649 2649->2629
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 91b75ec0278743681d0368550df90bde972bb7d250c3abafdced8e7ff55121e7
                                                                                                  • Instruction ID: 5dfea4dbc9a437f85e1238eab060b5eed66d55e9280f68c5587349cefcfab0e9
                                                                                                  • Opcode Fuzzy Hash: 91b75ec0278743681d0368550df90bde972bb7d250c3abafdced8e7ff55121e7
                                                                                                  • Instruction Fuzzy Hash: 1F81BF70E01318CFEB58DFAAD954BADBBF2BF89300F24816AD419AB254DB305945CF50
                                                                                                  Function 0289C762 Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2654 289c762-289c790 2655 289c792 2654->2655 2656 289c797-289c874 call 2893908 call 2893428 2654->2656 2655->2656 2666 289c87b-289c89c call 2894dd0 2656->2666 2667 289c876 2656->2667 2669 289c8a1-289c8ac 2666->2669 2667->2666 2670 289c8ae 2669->2670 2671 289c8b3-289c8b7 2669->2671 2670->2671 2672 289c8b9-289c8ba 2671->2672 2673 289c8bc-289c8c3 2671->2673 2676 289c8db-289c91f 2672->2676 2674 289c8ca-289c8d8 2673->2674 2675 289c8c5 2673->2675 2674->2676 2675->2674 2680 289c985-289c99c 2676->2680 2682 289c99e-289c9c3 2680->2682 2683 289c921-289c937 2680->2683 2690 289c9db 2682->2690 2691 289c9c5-289c9da 2682->2691 2687 289c939-289c945 2683->2687 2688 289c961 2683->2688 2692 289c94f-289c955 2687->2692 2693 289c947-289c94d 2687->2693 2689 289c967-289c984 2688->2689 2689->2680 2691->2690 2694 289c95f 2692->2694 2693->2694 2694->2689
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: b22e8a9071e5844d03281e8e3c2d93e37b2b59b17ecfbf563bb3b5de30bca0e1
                                                                                                  • Instruction ID: fe1f4fc39b864866f8828ecf91bade54cf75eaebafe7629cc4d5dc1330d0f43d
                                                                                                  • Opcode Fuzzy Hash: b22e8a9071e5844d03281e8e3c2d93e37b2b59b17ecfbf563bb3b5de30bca0e1
                                                                                                  • Instruction Fuzzy Hash: E2819378E002189FEB14DFA9D994B9DBBF2BF89314F14C06AD449AB365DB315941CF10
                                                                                                  Function 028946D9 Relevance: 2.7, Strings: 2, Instructions: 183COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2698 28946d9-2894708 2699 289470a 2698->2699 2700 289470f-28947ec call 2893908 call 2893428 2698->2700 2699->2700 2710 28947ee 2700->2710 2711 28947f3-2894811 2700->2711 2710->2711 2741 2894814 call 2894dc1 2711->2741 2742 2894814 call 2894dd0 2711->2742 2712 289481a-2894825 2713 289482c-2894830 2712->2713 2714 2894827 2712->2714 2715 2894832-2894833 2713->2715 2716 2894835-289483c 2713->2716 2714->2713 2717 2894854-2894898 2715->2717 2718 289483e 2716->2718 2719 2894843-2894851 2716->2719 2723 28948fe-2894915 2717->2723 2718->2719 2719->2717 2725 289489a-28948b0 2723->2725 2726 2894917-289493c 2723->2726 2730 28948da 2725->2730 2731 28948b2-28948be 2725->2731 2732 289493e-2894953 2726->2732 2733 2894954 2726->2733 2736 28948e0-28948fd 2730->2736 2734 28948c8-28948ce 2731->2734 2735 28948c0-28948c6 2731->2735 2732->2733 2737 28948d8 2734->2737 2735->2737 2736->2723 2737->2736 2741->2712 2742->2712
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: e534ae075d2a7107232b7e77bc6ce28b2dc416592bf0bb336d76aa4f4a4f032f
                                                                                                  • Instruction ID: e95b65e7b1ff27802e02c1c4d73acd9c8bb589839c516ba22c8c951e2675501b
                                                                                                  • Opcode Fuzzy Hash: e534ae075d2a7107232b7e77bc6ce28b2dc416592bf0bb336d76aa4f4a4f032f
                                                                                                  • Instruction Fuzzy Hash: 6D819178E00258DFEB14DFA9D994B9DBBF2BF89304F188069D419AB365DB319942CF10
                                                                                                  Function 0289CA42 Relevance: 2.7, Strings: 2, Instructions: 183COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 271891f040e2cfe10af367eaa2a68d882a22cd8ad18ea483382f1b7cb02e8ca6
                                                                                                  • Instruction ID: 28d6a8b33b8ee5cc1a4431b70724af4eb05f90367a4b38da5335f59a8888439d
                                                                                                  • Opcode Fuzzy Hash: 271891f040e2cfe10af367eaa2a68d882a22cd8ad18ea483382f1b7cb02e8ca6
                                                                                                  • Instruction Fuzzy Hash: 45819278E012189FEB14DFA9D994B9DBBF2BF88304F14C06AD459AB365DB319942CF10
                                                                                                  Function 0289C457 Relevance: 2.7, Strings: 2, Instructions: 177COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: ec54af18173a5f0d45104f2bfded1e0ecabd1e0b23e1d7ee216dbc26eba664cc
                                                                                                  • Instruction ID: 11b4dd46416e77e71e0938fef8e58fac68919befcf4837b4d485c2f49d1f1ff1
                                                                                                  • Opcode Fuzzy Hash: ec54af18173a5f0d45104f2bfded1e0ecabd1e0b23e1d7ee216dbc26eba664cc
                                                                                                  • Instruction Fuzzy Hash: 31819378E01218DFDB14DFA9D984A9DBBF2BF89310F14906AD409EB365DB319941CF11
                                                                                                  Function 0289C480 Relevance: 2.7, Strings: 2, Instructions: 154COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 14050934185f1ca1aa072a673d243b047d19f47ab4499d4ac29919fc531b2f1f
                                                                                                  • Instruction ID: 1221faa8e88efadc5eba6f414e23f692ee04ff8c0d26ac454977930cc6fc1546
                                                                                                  • Opcode Fuzzy Hash: 14050934185f1ca1aa072a673d243b047d19f47ab4499d4ac29919fc531b2f1f
                                                                                                  • Instruction Fuzzy Hash: 9161D578E006089FDF14DFAAD984A9DBBF2BF89300F14C06AD419AB365DB355942CF11
                                                                                                  Function 0289B502 Relevance: 2.7, Strings: 2, Instructions: 152COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: e2ed5a2c3c4cd4f3e95cbb377566d86b964d61754f988de4516dbdf4f61ac543
                                                                                                  • Instruction ID: 77917cb84a845e52e16d90587c8240f1f33f3c9f11bef615ed360812bcf73bcf
                                                                                                  • Opcode Fuzzy Hash: e2ed5a2c3c4cd4f3e95cbb377566d86b964d61754f988de4516dbdf4f61ac543
                                                                                                  • Instruction Fuzzy Hash: F061D578E002089FEF14DFAAD984A9DBBF2BF88314F18C069D419AB365DB715942CF50
                                                                                                  Function 05647D90 Relevance: 1.9, APIs: 1, Instructions: 357COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3825185689.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_5640000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bcb8b0249e9f676627f5539027e0d79eb9344a9b07df6facd75d3571cd991552
                                                                                                  • Instruction ID: 2f4236ce1e5b738e9ce790e94f7c8c1b12c9b3f4df651186851e476e9237e834
                                                                                                  • Opcode Fuzzy Hash: bcb8b0249e9f676627f5539027e0d79eb9344a9b07df6facd75d3571cd991552
                                                                                                  • Instruction Fuzzy Hash: 40F1E574E01218CFDB24DFA9D984B9DBBB2BF88304F5481A9D808AB355DB749986CF50
                                                                                                  Function 065A11A0 Relevance: .7, Instructions: 745COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7b995974eb82ca368e8f4b86a42361750af99c87a27f6a03f45cedb8f9d722cd
                                                                                                  • Instruction ID: b7bfcbe0f54fbc885c503409704de00d889826e7756a2e91e9cf5027ced1cb10
                                                                                                  • Opcode Fuzzy Hash: 7b995974eb82ca368e8f4b86a42361750af99c87a27f6a03f45cedb8f9d722cd
                                                                                                  • Instruction Fuzzy Hash: 4D827F74E012288FEB65DF65C998BDDBBB2BF89300F1481EA940DA7265DB305E81CF51
                                                                                                  Function 0289F017 Relevance: .7, Instructions: 717COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7f96700ba984cd313471b5cd13e3d0d1150277276964abe8be9737279f367303
                                                                                                  • Instruction ID: a388958adcffb91882662de8f7b35a3f64af337cdaff32bfd6961740b3e04a56
                                                                                                  • Opcode Fuzzy Hash: 7f96700ba984cd313471b5cd13e3d0d1150277276964abe8be9737279f367303
                                                                                                  • Instruction Fuzzy Hash: CC72CF78E002298FDB64DF69C984BDDBBB2BB49304F1881EAD509EB655D7309E81CF50
                                                                                                  Function 065A8608 Relevance: .3, Instructions: 296COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 22358ae7c4533a831198f21168f5c6ca5dec3cedad80999062f16f2235505725
                                                                                                  • Instruction ID: 740e475e029e3fd5fa4654705dbb25a8488c70569d1faf69857e5daaf7f48f06
                                                                                                  • Opcode Fuzzy Hash: 22358ae7c4533a831198f21168f5c6ca5dec3cedad80999062f16f2235505725
                                                                                                  • Instruction Fuzzy Hash: 3AE1E574E00218CFEB64DFA5C944BDDBBB2BF89304F2081AAD409A7395DB355A85CF14
                                                                                                  Function 065AD670 Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8bff11bd20ecb892d663c1240c027e119f69d690334e4913d1a15006bcc61e67
                                                                                                  • Instruction ID: af204d8bdcac4cd0a7d1ce8e3f9814947473626e01886dd5509c7045926effe8
                                                                                                  • Opcode Fuzzy Hash: 8bff11bd20ecb892d663c1240c027e119f69d690334e4913d1a15006bcc61e67
                                                                                                  • Instruction Fuzzy Hash: 3BA1A075E012288FEB68DF6AC944B9DBBF2BF89300F14C1AAD40CA7254DB745A85CF50
                                                                                                  Function 065AB6E8 Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: de3765507ea373e1f29645e24f3e1e47d2b6b1b1e14643ca383a66a3f04eaf24
                                                                                                  • Instruction ID: 963a6b280f8df0064203483f116ee8c7d9d73cc3d293621844831cec70552432
                                                                                                  • Opcode Fuzzy Hash: de3765507ea373e1f29645e24f3e1e47d2b6b1b1e14643ca383a66a3f04eaf24
                                                                                                  • Instruction Fuzzy Hash: 5CA1A075E012288FEB68CF6AD944B9DBBF2BF89300F14C0AAD40CA7255DB345A85CF51
                                                                                                  Function 065AC388 Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ed1c161f323a38ca3fb0c26eda924aad275d08aeee80fc1a953c93adb708a93b
                                                                                                  • Instruction ID: f1870e3926f343645f10ccc347ace4f6c0b33af906151c2c0931a9121d8c2ce6
                                                                                                  • Opcode Fuzzy Hash: ed1c161f323a38ca3fb0c26eda924aad275d08aeee80fc1a953c93adb708a93b
                                                                                                  • Instruction Fuzzy Hash: EBA19275E012288FEB68CF6AD944B9DBBF2BF89300F14C0AAD40DA7255DB745A85CF50
                                                                                                  Function 065AA408 Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c213e1c930f54e8572200b9f6387501b1c09cbc07dded189e8f7c4d0abc13bae
                                                                                                  • Instruction ID: 8b900fa77c1561cb6516a1cf8c0948f24738f445e25cf1408fca42a0110352d1
                                                                                                  • Opcode Fuzzy Hash: c213e1c930f54e8572200b9f6387501b1c09cbc07dded189e8f7c4d0abc13bae
                                                                                                  • Instruction Fuzzy Hash: 46A18275E012188FEB68CF6AC944B9DBBF2BF89300F14C1AAD40DA7255DB345A85CF51
                                                                                                  Function 065ABD38 Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e3cb3ae5be5c4d68fe10f547f47d7ead4fa9848e637e1ee9bf2787b51b1c53f8
                                                                                                  • Instruction ID: c41abc227d0a4f5eb9f1d4f5f861576dbd7e5993d723700b4fee741d06678fac
                                                                                                  • Opcode Fuzzy Hash: e3cb3ae5be5c4d68fe10f547f47d7ead4fa9848e637e1ee9bf2787b51b1c53f8
                                                                                                  • Instruction Fuzzy Hash: F7A19175E012288FEB68CF6AD944B9DBBF2BF89300F14C0AAD40DA7255DB345A85CF51
                                                                                                  Function 065AC9D8 Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a00bf9c4d9e05a013c489efe91ea12a4c852bdc916937248aecd9e4386b4bad8
                                                                                                  • Instruction ID: c94a89318a4341a24c88f42ba22f6715e34cf36aea4def56f1d315c61fb53eaf
                                                                                                  • Opcode Fuzzy Hash: a00bf9c4d9e05a013c489efe91ea12a4c852bdc916937248aecd9e4386b4bad8
                                                                                                  • Instruction Fuzzy Hash: BCA19075E012288FEB68CF6AD944B9DBBF2BF89300F14C1AAD40DA7255DB345A85CF50
                                                                                                  Function 065AAA58 Relevance: .2, Instructions: 218COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 45a8a5e5ace7c76877472b52e1088812ab57739f5646cc7873ced4b748d61612
                                                                                                  • Instruction ID: 7d6242e7bf8bcc6331116ea2f42bb566035e0646cf8ed96ab82727ed4107f3eb
                                                                                                  • Opcode Fuzzy Hash: 45a8a5e5ace7c76877472b52e1088812ab57739f5646cc7873ced4b748d61612
                                                                                                  • Instruction Fuzzy Hash: 9BA18175E012288FEB68CF6AC944B9DFBF2BF89300F14C1AAD409A7255DB345A85CF51
                                                                                                  Function 065AD028 Relevance: .2, Instructions: 218COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9e97ae539f3080e6ae76d57cd053f7c671ae23f6e3759306dffb0b2ef72b9368
                                                                                                  • Instruction ID: ac93e3d1b575b25a473d9e304466077b7798586deafaf5e7dbf96a69fab22e9a
                                                                                                  • Opcode Fuzzy Hash: 9e97ae539f3080e6ae76d57cd053f7c671ae23f6e3759306dffb0b2ef72b9368
                                                                                                  • Instruction Fuzzy Hash: C8A19275E012288FEB68DF6AD944B9DBBF2BF89300F14C1AAD40CA7254DB345A85CF50
                                                                                                  Function 065AB0A0 Relevance: .2, Instructions: 218COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3309077735016f614bbc482e09f90f497b571b24989e5fcc413ba61484f3a059
                                                                                                  • Instruction ID: 2dcae5fba17d96b528c385d5e518ef25ef52bbce0fb52d2c72f7c8ced96f20bd
                                                                                                  • Opcode Fuzzy Hash: 3309077735016f614bbc482e09f90f497b571b24989e5fcc413ba61484f3a059
                                                                                                  • Instruction Fuzzy Hash: 90A19075E012288FEB68CF6AD944B9DBBF2BF89300F14C1AAD40CA7255DB345A85CF51
                                                                                                  Function 065AB090 Relevance: .2, Instructions: 198COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 100d3a056858a93cfc103a25cef83b9e23b6bf4d0779a5e5b808ad5f836ea4f7
                                                                                                  • Instruction ID: 6f19b0478b98570c450eb4e76f1c61e41fa0f4617f16833086d4ba1b1c26d012
                                                                                                  • Opcode Fuzzy Hash: 100d3a056858a93cfc103a25cef83b9e23b6bf4d0779a5e5b808ad5f836ea4f7
                                                                                                  • Instruction Fuzzy Hash: 9F91EA71D052588FEB68CF6AC884BDDBBB2BF89300F14C4EAD408AB255DB315A85CF51
                                                                                                  Function 065A1191 Relevance: .2, Instructions: 178COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2ce7432133de09234c7b18a4dfe3998c0842626bb77fb34191e0b98efe0799d7
                                                                                                  • Instruction ID: f30ec3ef6fc2c80d0edb15da26f51899ee7841a94bef03d4159342b281633a15
                                                                                                  • Opcode Fuzzy Hash: 2ce7432133de09234c7b18a4dfe3998c0842626bb77fb34191e0b98efe0799d7
                                                                                                  • Instruction Fuzzy Hash: A781A474E412689FDB65DF25D854BEDBBB2BF89300F1080EAD809A7254DB305E81CF45
                                                                                                  Function 065AD018 Relevance: .2, Instructions: 170COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6514a26ce70770237c3c0ebb062846f590834b1610c372615891408e9084c90d
                                                                                                  • Instruction ID: 442b36384c991db837bdbe3ed3b8251d56e2d28b43499c1e7940c2f8a6a0ab95
                                                                                                  • Opcode Fuzzy Hash: 6514a26ce70770237c3c0ebb062846f590834b1610c372615891408e9084c90d
                                                                                                  • Instruction Fuzzy Hash: 05717471E016188FEB68DF6AD944B9EBBF2BF89300F14C1AAD40CA7254DB345A85CF51
                                                                                                  Function 065AAA48 Relevance: .2, Instructions: 167COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 705585c0be789fa07f81143e2474ecaacc8a0696fbc3d3d1404ddd7e5fd9cf18
                                                                                                  • Instruction ID: 1086aebab38290156d322f58a9c24c1399d853356929bf8fa43e219c3d1f9d47
                                                                                                  • Opcode Fuzzy Hash: 705585c0be789fa07f81143e2474ecaacc8a0696fbc3d3d1404ddd7e5fd9cf18
                                                                                                  • Instruction Fuzzy Hash: 43716375E006188FEB68CF6AC944B9DBBF2BF89300F14C0AAD50DA7255DB345A85CF51
                                                                                                  Function 065AC378 Relevance: .1, Instructions: 123COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 634b6ee2a3ee939029f0d1f44f6f40be5c753a0812637c5ab3f6af5d9b72056b
                                                                                                  • Instruction ID: f295b35c067ab691a009dc59c736e04e3f4d1eae55b40cca3ea0b5ca417ed684
                                                                                                  • Opcode Fuzzy Hash: 634b6ee2a3ee939029f0d1f44f6f40be5c753a0812637c5ab3f6af5d9b72056b
                                                                                                  • Instruction Fuzzy Hash: 2051A971D016189FEB58CF6BCD4578AFAF3AFC9300F14C0AAD40CA6255EB740A868F51
                                                                                                  Function 065AC9C8 Relevance: .1, Instructions: 122COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c7630781379002fa39f3b26d848f7ec7f2759754b5ca745775f0a171cc50992f
                                                                                                  • Instruction ID: 59b880aa909748db21e7b3415652852ee0058c24e1458e09fff2a6b2f8654dbc
                                                                                                  • Opcode Fuzzy Hash: c7630781379002fa39f3b26d848f7ec7f2759754b5ca745775f0a171cc50992f
                                                                                                  • Instruction Fuzzy Hash: 19519871E016188BEB58CF6BD9457DAFAF3AFC8310F04C1AAC40CA6254EB340A868F50
                                                                                                  Function 065A8602 Relevance: .1, Instructions: 114COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 769440a08e7ee9fe39b9e6a41c349f27aa05f830b804425a8c45bd97186c5b63
                                                                                                  • Instruction ID: e0d7c15d543b1db05112b3cbf6aa310c9c8d8151be29bb8bb3a214b4c7c0e480
                                                                                                  • Opcode Fuzzy Hash: 769440a08e7ee9fe39b9e6a41c349f27aa05f830b804425a8c45bd97186c5b63
                                                                                                  • Instruction Fuzzy Hash: 5641B1B4D002088BEB58DFAAD9547DEBBF2BF88304F24C069C418AB254DB755946CF54
                                                                                                  Function 065ABD28 Relevance: .1, Instructions: 114COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ea53e7684bf05a125e0821005511c81a71224760c676599475e31ff329776f1e
                                                                                                  • Instruction ID: 5c26c1c311c67198a163c1eec1b9813d9860b19ce04ed3d1abb5b173d8eee5f3
                                                                                                  • Opcode Fuzzy Hash: ea53e7684bf05a125e0821005511c81a71224760c676599475e31ff329776f1e
                                                                                                  • Instruction Fuzzy Hash: 99416A71D016188BEB58CF6BD9557CAFAF3AFC9310F14C1AAD50CA6254EB740A868F50
                                                                                                  Function 065AD662 Relevance: .1, Instructions: 111COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f1ea337ebf68f898b40b2e62f0e269392b137f7c2a9465b03c00502f2b8f3eca
                                                                                                  • Instruction ID: f561bc6d5a553eb8b56a56dd77c5431772f643ac8246d208c97baeb3aa4baac2
                                                                                                  • Opcode Fuzzy Hash: f1ea337ebf68f898b40b2e62f0e269392b137f7c2a9465b03c00502f2b8f3eca
                                                                                                  • Instruction Fuzzy Hash: 7C4167B1D016189BEB58CF6BDD457CAFAF3AFC9300F14C1AAD50CA6255EB740A858F50
                                                                                                  Function 065AA3F8 Relevance: .1, Instructions: 111COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 52820f676e5ab43ce32900c78ea46c67a64b2f08da8668e34a28ec7be51c1342
                                                                                                  • Instruction ID: a889bf7e4ecd6a76bf3a254631fc95268c9ff8acaf20fa87886a998910ada6e5
                                                                                                  • Opcode Fuzzy Hash: 52820f676e5ab43ce32900c78ea46c67a64b2f08da8668e34a28ec7be51c1342
                                                                                                  • Instruction Fuzzy Hash: 8A4157B1D016188BEB58CF6BC94578AFAF3AFC8300F14C1AAD50CA6255DB744A85CF51
                                                                                                  Function 065AB6D9 Relevance: .1, Instructions: 110COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f0398a784b5c9c604537ed802b337d5b083396373ed6b4534839825e7cdae943
                                                                                                  • Instruction ID: ab79b221fdef4b83740e41a8b234475bc29e50e294cc69af512033c1a65f3ec5
                                                                                                  • Opcode Fuzzy Hash: f0398a784b5c9c604537ed802b337d5b083396373ed6b4534839825e7cdae943
                                                                                                  • Instruction Fuzzy Hash: F6415871D016188BEB58CF6BD9457CAFAF3AFC9310F14C1AAD50CA6264EB744A85CF50
                                                                                                  Function 02896E70 Relevance: 10.5, Strings: 8, Instructions: 477COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 0 2896e70-2896ea5 1 2896eab-2896ece 0->1 2 28972d4-28972d8 0->2 11 2896f7c-2896f80 1->11 12 2896ed4-2896ee1 1->12 3 28972da-28972ee 2->3 4 28972f1-28972ff 2->4 9 2897301-2897316 4->9 10 2897370-2897385 4->10 18 2897318-289731b 9->18 19 289731d-289732a 9->19 20 289738c-2897399 10->20 21 2897387-289738a 10->21 15 2896fc8-2896fd1 11->15 16 2896f82-2896f90 11->16 24 2896ef0 12->24 25 2896ee3-2896eee 12->25 22 28973e7 15->22 23 2896fd7-2896fe1 15->23 16->15 36 2896f92-2896fad 16->36 26 289732c-289736d 18->26 19->26 27 289739b-28973d6 20->27 21->27 30 28973ec-289741c 22->30 23->2 28 2896fe7-2896ff0 23->28 31 2896ef2-2896ef4 24->31 25->31 75 28973dd-28973e4 27->75 34 2896fff-289700b 28->34 35 2896ff2-2896ff7 28->35 51 289741e-2897434 30->51 52 2897435-289743c 30->52 31->11 38 2896efa-2896f5c 31->38 34->30 41 2897011-2897017 34->41 35->34 59 2896fbb 36->59 60 2896faf-2896fb9 36->60 86 2896f5e 38->86 87 2896f62-2896f79 38->87 42 289701d-289702d 41->42 43 28972be-28972c2 41->43 57 289702f-289703f 42->57 58 2897041-2897043 42->58 43->22 47 28972c8-28972ce 43->47 47->2 47->28 63 2897046-289704c 57->63 58->63 64 2896fbd-2896fbf 59->64 60->64 63->43 69 2897052-2897061 63->69 64->15 70 2896fc1 64->70 72 289710f-289713a call 2896cb8 * 2 69->72 73 2897067 69->73 70->15 92 2897140-2897144 72->92 93 2897224-289723e 72->93 77 289706a-289707b 73->77 77->30 79 2897081-2897093 77->79 79->30 82 2897099-28970b1 79->82 144 28970b3 call 2897440 82->144 145 28970b3 call 2897450 82->145 85 28970b9-28970c9 85->43 89 28970cf-28970d2 85->89 86->87 87->11 90 28970dc-28970df 89->90 91 28970d4-28970da 89->91 90->22 94 28970e5-28970e8 90->94 91->90 91->94 92->43 96 289714a-289714e 92->96 93->2 111 2897244-2897248 93->111 99 28970ea-28970ee 94->99 100 28970f0-28970f3 94->100 97 2897150-289715d 96->97 98 2897176-289717c 96->98 114 289716c 97->114 115 289715f-289716a 97->115 103 289717e-2897182 98->103 104 28971b7-28971bd 98->104 99->100 102 28970f9-28970fd 99->102 100->22 100->102 102->22 109 2897103-2897109 102->109 103->104 110 2897184-289718d 103->110 106 28971c9-28971cf 104->106 107 28971bf-28971c3 104->107 112 28971db-28971dd 106->112 113 28971d1-28971d5 106->113 107->75 107->106 109->72 109->77 116 289719c-28971b2 110->116 117 289718f-2897194 110->117 118 289724a-2897254 call 2895b58 111->118 119 2897284-2897288 111->119 120 28971df-28971e8 112->120 121 2897212-2897214 112->121 113->43 113->112 122 289716e-2897170 114->122 115->122 116->43 117->116 118->119 132 2897256-289726b 118->132 119->75 123 289728e-2897292 119->123 126 28971ea-28971ef 120->126 127 28971f7-289720d 120->127 121->43 128 289721a-2897221 121->128 122->43 122->98 123->75 130 2897298-28972a5 123->130 126->127 127->43 135 28972b4 130->135 136 28972a7-28972b2 130->136 132->119 141 289726d-2897282 132->141 138 28972b6-28972b8 135->138 136->138 138->43 138->75 141->2 141->119 144->85 145->85
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq$(oq$(oq$(oq$(oq$(oq$,q$,q
                                                                                                  • API String ID: 0-2212926057
                                                                                                  • Opcode ID: 9eb0ce03cd9e52b3ea1a32473221c907cfdc261095d4b1e87d06ca79476486bb
                                                                                                  • Instruction ID: c4837a4825fc07e527925547bcfb239bdf17cb310be7429adf55bfe88d22e23d
                                                                                                  • Opcode Fuzzy Hash: 9eb0ce03cd9e52b3ea1a32473221c907cfdc261095d4b1e87d06ca79476486bb
                                                                                                  • Instruction Fuzzy Hash: 47124D78A102089FCF25CFA8D984A9EBBF2FF89314F188559E959DB261D730ED41CB50
                                                                                                  Function 02897808 Relevance: 3.2, Strings: 2, Instructions: 697COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1501 2897808-2897cf6 1576 2898248-289827d 1501->1576 1577 2897cfc-2897d0c 1501->1577 1581 2898289-28982a7 1576->1581 1582 289827f-2898284 1576->1582 1577->1576 1578 2897d12-2897d22 1577->1578 1578->1576 1580 2897d28-2897d38 1578->1580 1580->1576 1583 2897d3e-2897d4e 1580->1583 1595 28982a9-28982b3 1581->1595 1596 289831e-289832a 1581->1596 1585 289836e-2898373 1582->1585 1583->1576 1584 2897d54-2897d64 1583->1584 1584->1576 1586 2897d6a-2897d7a 1584->1586 1586->1576 1588 2897d80-2897d90 1586->1588 1588->1576 1589 2897d96-2897da6 1588->1589 1589->1576 1591 2897dac-2897dbc 1589->1591 1591->1576 1592 2897dc2-2897dd2 1591->1592 1592->1576 1594 2897dd8-2898247 1592->1594 1595->1596 1600 28982b5-28982c1 1595->1600 1601 289832c-2898338 1596->1601 1602 2898341-289834d 1596->1602 1607 28982c3-28982ce 1600->1607 1608 28982e6-28982e9 1600->1608 1601->1602 1609 289833a-289833f 1601->1609 1610 289834f-289835b 1602->1610 1611 2898364-2898366 1602->1611 1607->1608 1621 28982d0-28982da 1607->1621 1613 28982eb-28982f7 1608->1613 1614 2898300-289830c 1608->1614 1609->1585 1610->1611 1623 289835d-2898362 1610->1623 1611->1585 1688 2898368 call 2898801 1611->1688 1613->1614 1626 28982f9-28982fe 1613->1626 1615 289830e-2898315 1614->1615 1616 2898374-289838e 1614->1616 1615->1616 1620 2898317-289831c 1615->1620 1620->1585 1621->1608 1629 28982dc-28982e1 1621->1629 1623->1585 1626->1585 1629->1585 1688->1585
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $q$$q
                                                                                                  • API String ID: 0-3126353813
                                                                                                  • Opcode ID: 557a952abcb9629a47f519ac6f219bcb4824bd6972db90282b4e0de622e76755
                                                                                                  • Instruction ID: 88bd4591659e73c9efab363c8560b86996a4474ff02312f99c921fdee4bfa7b9
                                                                                                  • Opcode Fuzzy Hash: 557a952abcb9629a47f519ac6f219bcb4824bd6972db90282b4e0de622e76755
                                                                                                  • Instruction Fuzzy Hash: F7521574A002598FEB259BA4C864BDFBB73EF84300F1081ADC10AAB3A5DB355D46DF65
                                                                                                  Function 02898801 Relevance: 2.8, Strings: 2, Instructions: 332COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2035 2898801-289881d 2036 2898829-2898835 2035->2036 2037 289881f-2898824 2035->2037 2040 2898845-289884a 2036->2040 2041 2898837-2898839 2036->2041 2038 2898bbe-2898bc3 2037->2038 2040->2038 2042 2898841-2898843 2041->2042 2042->2040 2043 289884f-289885b 2042->2043 2045 289886b-2898870 2043->2045 2046 289885d-2898869 2043->2046 2045->2038 2046->2045 2048 2898875-2898880 2046->2048 2050 289892a-2898935 2048->2050 2051 2898886-2898891 2048->2051 2056 28989d8-28989e4 2050->2056 2057 289893b-289894a 2050->2057 2054 2898893-28988a5 2051->2054 2055 28988a7 2051->2055 2058 28988ac-28988ae 2054->2058 2055->2058 2066 28989f4-2898a06 2056->2066 2067 28989e6-28989f2 2056->2067 2064 289895b-289896a 2057->2064 2065 289894c-2898956 2057->2065 2060 28988ce-28988d3 2058->2060 2061 28988b0-28988bf 2058->2061 2060->2038 2061->2060 2072 28988c1-28988cc 2061->2072 2074 289896c-2898978 2064->2074 2075 289898e-2898997 2064->2075 2065->2038 2079 2898a08-2898a14 2066->2079 2080 2898a2a-2898a2f 2066->2080 2067->2066 2076 2898a34-2898a3f 2067->2076 2072->2060 2083 28988d8-28988e1 2072->2083 2085 289897a-289897f 2074->2085 2086 2898984-2898989 2074->2086 2089 2898999-28989ab 2075->2089 2090 28989ad 2075->2090 2087 2898b21-2898b2c 2076->2087 2088 2898a45-2898a4e 2076->2088 2099 2898a20-2898a25 2079->2099 2100 2898a16-2898a1b 2079->2100 2080->2038 2094 28988ed-28988fc 2083->2094 2095 28988e3-28988e8 2083->2095 2085->2038 2086->2038 2102 2898b2e-2898b38 2087->2102 2103 2898b56-2898b65 2087->2103 2104 2898a50-2898a62 2088->2104 2105 2898a64 2088->2105 2091 28989b2-28989b4 2089->2091 2090->2091 2091->2056 2097 28989b6-28989c2 2091->2097 2111 28988fe-289890a 2094->2111 2112 2898920-2898925 2094->2112 2095->2038 2115 28989ce-28989d3 2097->2115 2116 28989c4-28989c9 2097->2116 2099->2038 2100->2038 2121 2898b3a-2898b46 2102->2121 2122 2898b4f-2898b54 2102->2122 2118 2898bb9 2103->2118 2119 2898b67-2898b76 2103->2119 2107 2898a69-2898a6b 2104->2107 2105->2107 2113 2898a7b 2107->2113 2114 2898a6d-2898a79 2107->2114 2128 289890c-2898911 2111->2128 2129 2898916-289891b 2111->2129 2112->2038 2120 2898a80-2898a82 2113->2120 2114->2120 2115->2038 2116->2038 2118->2038 2119->2118 2131 2898b78-2898b90 2119->2131 2125 2898a8e-2898aa1 2120->2125 2126 2898a84-2898a89 2120->2126 2121->2122 2133 2898b48-2898b4d 2121->2133 2122->2038 2134 2898ad9-2898ae3 2125->2134 2135 2898aa3 2125->2135 2126->2038 2128->2038 2129->2038 2146 2898bb2-2898bb7 2131->2146 2147 2898b92-2898bb0 2131->2147 2133->2038 2142 2898b02-2898b0e 2134->2142 2143 2898ae5-2898af1 call 2898270 2134->2143 2137 2898aa6-2898ab7 call 2898270 2135->2137 2144 2898ab9-2898abc 2137->2144 2145 2898abe-2898ac3 2137->2145 2152 2898b10-2898b15 2142->2152 2153 2898b17 2142->2153 2157 2898af8-2898afd 2143->2157 2158 2898af3-2898af6 2143->2158 2144->2145 2149 2898ac8-2898acb 2144->2149 2145->2038 2146->2038 2147->2038 2154 2898ad1-2898ad7 2149->2154 2155 2898bc4-2898bde 2149->2155 2159 2898b1c 2152->2159 2153->2159 2154->2134 2154->2137 2157->2038 2158->2142 2158->2157 2159->2038
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'q$4'q
                                                                                                  • API String ID: 0-1467158625
                                                                                                  • Opcode ID: b5fc17eafa3a88c25793eed5cfb514005b6f73892f85786e288b4c18c82b3b28
                                                                                                  • Instruction ID: 2e1b08a44d575cafffb9bb9b1c790ac27b054bdf7e9c9c65c5bbb274c1bc8356
                                                                                                  • Opcode Fuzzy Hash: b5fc17eafa3a88c25793eed5cfb514005b6f73892f85786e288b4c18c82b3b28
                                                                                                  • Instruction Fuzzy Hash: 7AB15E7C7006068FDF259B29C86873977A6EF86608F1C44AAE556CF3B5DB28CC42C752
                                                                                                  Function 028956B0 Relevance: 2.8, Strings: 2, Instructions: 265COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2163 28956b0-28956d2 2164 28956e8-28956f3 2163->2164 2165 28956d4-28956d8 2163->2165 2168 28956f9-28956fb 2164->2168 2169 289579b-28957c7 2164->2169 2166 28956da-28956e6 2165->2166 2167 2895700-2895707 2165->2167 2166->2164 2166->2167 2171 2895709-2895710 2167->2171 2172 2895727-2895730 2167->2172 2170 2895793-2895798 2168->2170 2175 28957ce-2895826 2169->2175 2171->2172 2173 2895712-289571d 2171->2173 2242 2895732 call 28956a0 2172->2242 2243 2895732 call 28956b0 2172->2243 2173->2175 2176 2895723-2895725 2173->2176 2195 2895828-289582e 2175->2195 2196 2895835-2895847 2175->2196 2176->2170 2177 2895738-289573a 2178 289573c-2895740 2177->2178 2179 2895742-289574a 2177->2179 2178->2179 2182 289575d-289577c call 2896120 2178->2182 2183 2895759-289575b 2179->2183 2184 289574c-2895751 2179->2184 2189 289577e-2895787 2182->2189 2190 2895791 2182->2190 2183->2170 2184->2183 2250 2895789 call 289a71d 2189->2250 2251 2895789 call 289a660 2189->2251 2190->2170 2192 289578f 2192->2170 2195->2196 2198 28958db-28958dd 2196->2198 2199 289584d-2895851 2196->2199 2248 28958df call 2895a68 2198->2248 2249 28958df call 2895a78 2198->2249 2200 2895861-289586e 2199->2200 2201 2895853-289585f 2199->2201 2209 2895870-289587a 2200->2209 2201->2209 2202 28958e5-28958eb 2203 28958ed-28958f3 2202->2203 2204 28958f7-28958fe 2202->2204 2207 2895959-28959a7 2203->2207 2208 28958f5 2203->2208 2245 28959a9 call 65a25e8 2207->2245 2246 28959a9 call 65a23e0 2207->2246 2247 28959a9 call 65a23d1 2207->2247 2208->2204 2212 289587c-289588b 2209->2212 2213 28958a7-28958ab 2209->2213 2221 289589b-28958a5 2212->2221 2222 289588d-2895894 2212->2222 2214 28958ad-28958b3 2213->2214 2215 28958b7-28958bb 2213->2215 2218 2895901-2895952 2214->2218 2219 28958b5 2214->2219 2215->2204 2220 28958bd-28958c1 2215->2220 2218->2207 2219->2204 2223 28959bf-28959d6 2220->2223 2224 28958c7-28958d9 2220->2224 2221->2213 2222->2221 2224->2204 2237 28959af-28959b8 2237->2223 2242->2177 2243->2177 2245->2237 2246->2237 2247->2237 2248->2202 2249->2202 2250->2192 2251->2192
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Hq$Hq
                                                                                                  • API String ID: 0-925789375
                                                                                                  • Opcode ID: 113bed2558004244556c87b654c0a1acfdd66d11aac944538d74083aea77a076
                                                                                                  • Instruction ID: d91dc384db893a7fc7025108f1803e4af0a856445fc386e68529507203b2a9a1
                                                                                                  • Opcode Fuzzy Hash: 113bed2558004244556c87b654c0a1acfdd66d11aac944538d74083aea77a076
                                                                                                  • Instruction Fuzzy Hash: E991C1387042559FEB279F24D858B6E7BA6AFC9304F58486DE40ACB391DB399C01CB91
                                                                                                  Function 065A23E0 Relevance: 2.7, Strings: 2, Instructions: 239COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2252 65a23e0-65a23f3 2254 65a23fc-65a2410 2252->2254 2255 65a23f5-65a23f7 2252->2255 2258 65a2412-65a2414 2254->2258 2259 65a2416 2254->2259 2256 65a2480-65a2483 2255->2256 2260 65a2419-65a241e 2258->2260 2259->2260 2261 65a2425-65a243f 2260->2261 2264 65a2441-65a2477 2261->2264 2265 65a2484-65a24b7 2261->2265 2264->2261 2279 65a2479 2264->2279 2270 65a24b9-65a24bb 2265->2270 2271 65a24c0-65a24e7 2265->2271 2272 65a25c4-65a25cb 2270->2272 2280 65a24e9-65a24ff 2271->2280 2281 65a251e-65a2520 2271->2281 2279->2256 2280->2281 2290 65a2501-65a2518 2280->2290 2282 65a2529-65a253d 2281->2282 2283 65a2522-65a2524 2281->2283 2286 65a253f-65a2541 2282->2286 2287 65a2543 2282->2287 2283->2272 2289 65a2546-65a2563 2286->2289 2287->2289 2295 65a25cc 2289->2295 2296 65a2565-65a2568 2289->2296 2290->2281 2290->2295 2300 65a25d1-65a25e0 2295->2300 2296->2295 2297 65a256a-65a256e 2296->2297 2298 65a25b0-65a25bd 2297->2298 2299 65a2570-65a2576 2297->2299 2298->2272 2301 65a2579-65a2581 2299->2301 2306 65a25e2-65a2604 2300->2306 2307 65a2640 2300->2307 2301->2300 2302 65a2583-65a2599 call 65a2190 2301->2302 2316 65a259b-65a259d 2302->2316 2317 65a25a7-65a25aa 2302->2317 2313 65a260d-65a262c 2306->2313 2323 65a2607 call 65a2670 2306->2323 2308 65a2648-65a265a 2307->2308 2314 65a265c-65a265f 2308->2314 2315 65a2661 2308->2315 2313->2308 2319 65a2664-65a2669 2314->2319 2315->2319 2316->2317 2317->2295 2320 65a25ac-65a25ae 2317->2320 2320->2298 2320->2301 2323->2313
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LRq$LRq
                                                                                                  • API String ID: 0-3710822783
                                                                                                  • Opcode ID: 2c02b2fcbe2d987470e6cbfd6b3c83319584dc3fc41770248a969350df44647b
                                                                                                  • Instruction ID: 87bbf3ae465f32d3e46795e43e1cc07d817299367686c74c2d0caf720d361710
                                                                                                  • Opcode Fuzzy Hash: 2c02b2fcbe2d987470e6cbfd6b3c83319584dc3fc41770248a969350df44647b
                                                                                                  • Instruction Fuzzy Hash: AA81B034B002058FDB48DF79D855A6E7BF6FF89600B1985A9E505DB3A5EB30DE01CBA0
                                                                                                  Function 02895C10 Relevance: 2.7, Strings: 2, Instructions: 230COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2324 2895c10-2895c1d 2325 2895c1f-2895c23 2324->2325 2326 2895c25-2895c27 2324->2326 2325->2326 2327 2895c2c-2895c37 2325->2327 2328 2895e38-2895e3f 2326->2328 2329 2895c3d-2895c44 2327->2329 2330 2895e40 2327->2330 2331 2895dd9-2895ddf 2329->2331 2332 2895c4a-2895c59 2329->2332 2334 2895e45-2895e7d 2330->2334 2335 2895de1-2895de3 2331->2335 2336 2895de5-2895de9 2331->2336 2333 2895c5f-2895c6e 2332->2333 2332->2334 2342 2895c70-2895c73 2333->2342 2343 2895c83-2895c86 2333->2343 2349 2895e7f-2895e84 2334->2349 2350 2895e86-2895e8a 2334->2350 2335->2328 2337 2895deb-2895df1 2336->2337 2338 2895e36 2336->2338 2337->2330 2340 2895df3-2895df6 2337->2340 2338->2328 2340->2330 2344 2895df8-2895e0d 2340->2344 2346 2895c92-2895c98 2342->2346 2347 2895c75-2895c78 2342->2347 2343->2346 2348 2895c88-2895c8b 2343->2348 2364 2895e0f-2895e15 2344->2364 2365 2895e31-2895e34 2344->2365 2356 2895c9a-2895ca0 2346->2356 2357 2895cb0-2895ccd 2346->2357 2351 2895d79-2895d7f 2347->2351 2352 2895c7e 2347->2352 2353 2895c8d 2348->2353 2354 2895cde-2895ce4 2348->2354 2358 2895e90-2895e92 2349->2358 2350->2358 2359 2895d81-2895d87 2351->2359 2360 2895d97-2895da1 2351->2360 2361 2895da4-2895da6 2352->2361 2353->2361 2362 2895cfc-2895d0e 2354->2362 2363 2895ce6-2895cec 2354->2363 2366 2895ca2 2356->2366 2367 2895ca4-2895cae 2356->2367 2396 2895cd6-2895cd9 2357->2396 2368 2895e94-2895ea6 2358->2368 2369 2895ea7-2895eae 2358->2369 2370 2895d89 2359->2370 2371 2895d8b-2895d95 2359->2371 2360->2361 2381 2895daf-2895db1 2361->2381 2383 2895d1e-2895d41 2362->2383 2384 2895d10-2895d1c 2362->2384 2373 2895cee 2363->2373 2374 2895cf0-2895cfa 2363->2374 2375 2895e27-2895e2a 2364->2375 2376 2895e17-2895e25 2364->2376 2365->2328 2366->2357 2367->2357 2370->2360 2371->2360 2373->2362 2374->2362 2375->2330 2377 2895e2c-2895e2f 2375->2377 2376->2330 2376->2375 2377->2364 2377->2365 2388 2895db3-2895db7 2381->2388 2389 2895dc5-2895dc7 2381->2389 2383->2330 2401 2895d47-2895d4a 2383->2401 2398 2895d69-2895d77 2384->2398 2388->2389 2392 2895db9-2895dbd 2388->2392 2391 2895dcb-2895dce 2389->2391 2391->2330 2393 2895dd0-2895dd3 2391->2393 2392->2330 2397 2895dc3 2392->2397 2393->2331 2393->2332 2396->2361 2397->2391 2398->2361 2401->2330 2402 2895d50-2895d62 2401->2402 2402->2398
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ,q$,q
                                                                                                  • API String ID: 0-1667412543
                                                                                                  • Opcode ID: ae7ffbe0257ab1040bbb3a62d72adb9488965e5a2f4fb974640bfcf219d9b686
                                                                                                  • Instruction ID: db2deb62ac30a3efda984b63344a61b0e07eefacf155c046ac481fca9bbdeb35
                                                                                                  • Opcode Fuzzy Hash: ae7ffbe0257ab1040bbb3a62d72adb9488965e5a2f4fb974640bfcf219d9b686
                                                                                                  • Instruction Fuzzy Hash: 8B81723CB005058FDF16CF69C888AAEB7B6FF89218B988169D405DB365D735EC41CB51
                                                                                                  Function 065A9510 Relevance: 2.7, Strings: 2, Instructions: 209COMMON
                                                                                                  Download Yara Rule

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 2404 65a9510-65a952f 2405 65a96ea-65a970f 2404->2405 2406 65a9535-65a953e 2404->2406 2410 65a9716-65a97b0 call 65a9328 2405->2410 2406->2410 2411 65a9544-65a9599 2406->2411 2450 65a97b5-65a97ba 2410->2450 2419 65a959b-65a95c0 2411->2419 2420 65a95c3-65a95cc 2411->2420 2419->2420 2422 65a95ce 2420->2422 2423 65a95d1-65a95e1 2420->2423 2422->2423 2460 65a95e3 call 65a96f0 2423->2460 2461 65a95e3 call 65a9760 2423->2461 2462 65a95e3 call 65a9510 2423->2462 2463 65a95e3 call 65a9500 2423->2463 2426 65a95e9-65a95eb 2428 65a95ed-65a95f2 2426->2428 2429 65a9645-65a9692 2426->2429 2431 65a962b-65a963e 2428->2431 2432 65a95f4-65a9629 2428->2432 2441 65a9699-65a969e 2429->2441 2431->2429 2432->2441 2443 65a96a8-65a96ad 2441->2443 2444 65a96a0 2441->2444 2448 65a96af 2443->2448 2449 65a96b7-65a96bc 2443->2449 2444->2443 2448->2449 2451 65a96be-65a96cc call 65a919c call 65a91b4 2449->2451 2452 65a96d1 2449->2452 2451->2452 2452->2405 2460->2426 2461->2426 2462->2426 2463->2426
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (&q$(q
                                                                                                  • API String ID: 0-2464455664
                                                                                                  • Opcode ID: d71578b296e12c3a92c978859c640ce67182c0425543be7c4d22a39f9f018c6c
                                                                                                  • Instruction ID: 9b47cfa4c769faef4db64946604da8f968001050f5bf8fb9b116cd1710b40328
                                                                                                  • Opcode Fuzzy Hash: d71578b296e12c3a92c978859c640ce67182c0425543be7c4d22a39f9f018c6c
                                                                                                  • Instruction Fuzzy Hash: 21719131F103199BDB59DFA8D8557AEBBB2AFC8700F548429E405AB384DE309D46CBD1
                                                                                                  Function 02893428 Relevance: 2.6, Strings: 2, Instructions: 112COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Xq$Xq
                                                                                                  • API String ID: 0-1556399337
                                                                                                  • Opcode ID: c42aa93f158726810013d11c31dc1e11eccbc5da041be960909a1faa7baec22e
                                                                                                  • Instruction ID: adce7ec1ebdaa5224b1cc657ac257c6f7d4f93d97284d0009de680cf3b9c89ba
                                                                                                  • Opcode Fuzzy Hash: c42aa93f158726810013d11c31dc1e11eccbc5da041be960909a1faa7baec22e
                                                                                                  • Instruction Fuzzy Hash: 1E31E73DB003298BEF294A66589837E62DAABC5214F1D847DE80BC7380DF74CC0586A1
                                                                                                  Function 0289A828 Relevance: 1.7, Strings: 1, Instructions: 419COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: E
                                                                                                  • API String ID: 0-3568589458
                                                                                                  • Opcode ID: bf24fde352ea67b38da529e7accbc1bb0066c262134b2dc8f90aaa0cc2a55298
                                                                                                  • Instruction ID: 91f57a37146cb6fda6c1e69e446166362c05ff84c9d41a3fd24be14d11a16ccc
                                                                                                  • Opcode Fuzzy Hash: bf24fde352ea67b38da529e7accbc1bb0066c262134b2dc8f90aaa0cc2a55298
                                                                                                  • Instruction Fuzzy Hash: B1F12E79A002159FDF09CF68C588AADBBF6FF88314B1A8059E419EB361DB35EC41CB50
                                                                                                  Function 02890C8F Relevance: 1.7, Strings: 1, Instructions: 401COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LRq
                                                                                                  • API String ID: 0-3187445251
                                                                                                  • Opcode ID: 7d5ad187e2a413c154353e686f056f3a9484787793cbabaf53cce64b8269627e
                                                                                                  • Instruction ID: 46990cbd908faeef03cdbe9848d535b8b1630ff54def5cefa66959c62d297082
                                                                                                  • Opcode Fuzzy Hash: 7d5ad187e2a413c154353e686f056f3a9484787793cbabaf53cce64b8269627e
                                                                                                  • Instruction Fuzzy Hash: 78228578D40219CFCB55EF64E894A9DBBB2FF48311F108AAAD409A7365EB306D46CF50
                                                                                                  Function 02890CA0 Relevance: 1.6, Strings: 1, Instructions: 395COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LRq
                                                                                                  • API String ID: 0-3187445251
                                                                                                  • Opcode ID: 457f932ffdb81970c9fdd08df467e80094334b873e894b9267139a0a5011589d
                                                                                                  • Instruction ID: bb09b1e096e52649884040124dc48c72bbce5c65e66c8d03c833b68f27f78918
                                                                                                  • Opcode Fuzzy Hash: 457f932ffdb81970c9fdd08df467e80094334b873e894b9267139a0a5011589d
                                                                                                  • Instruction Fuzzy Hash: 03227478D40219CFCB55EF64E894A9DB7B2FF48311F108AAAD409A7365EB306D46CF50
                                                                                                  Function 05648174 Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
                                                                                                  Download Yara Rule
                                                                                                  APIs
                                                                                                  • LdrInitializeThunk.NTDLL(00000000), ref: 056482B6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3825185689.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_5640000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 4fab4b7359172acfb0957c2436e5c43dc27d8d0a0e354cf7bab78ea37553003b
                                                                                                  • Instruction ID: ae327d71258ca2525d7a643de0ff27dbf9b1e51009088bc0f4b7105163ba84fe
                                                                                                  • Opcode Fuzzy Hash: 4fab4b7359172acfb0957c2436e5c43dc27d8d0a0e354cf7bab78ea37553003b
                                                                                                  • Instruction Fuzzy Hash: 4A113A74E012199FDB14EFA8D584EAEB7F5FF88304F548169E844AB246D770A942CF60
                                                                                                  Function 0289A660 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq
                                                                                                  • API String ID: 0-1999159160
                                                                                                  • Opcode ID: 8149b4acfc403b86c66d3a03b9c60a3c5299f4295e05ae047ee30423cdc69e8b
                                                                                                  • Instruction ID: bf4fded3c612d47190214eb106cdb14df763a072cdf8678a19e8557fc83749be
                                                                                                  • Opcode Fuzzy Hash: 8149b4acfc403b86c66d3a03b9c60a3c5299f4295e05ae047ee30423cdc69e8b
                                                                                                  • Instruction Fuzzy Hash: F841B139B002049FDB1A9F69D8596AE7BFBAFC9210F18446DE506D7390DE319C16CBA0
                                                                                                  Function 02897450 Relevance: .2, Instructions: 201COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 914377794b4c2e1097555bcc006137078c15513e1c408b5bfb2a9ac00cb27a65
                                                                                                  • Instruction ID: cc63a38ac9b77b5f708569b342a2ff937bb1df4082bb3ae4ec3de5138b81a865
                                                                                                  • Opcode Fuzzy Hash: 914377794b4c2e1097555bcc006137078c15513e1c408b5bfb2a9ac00cb27a65
                                                                                                  • Instruction Fuzzy Hash: 1771177C7102458FCF55DF2CC888A6ABBE5AF89604F1940A9E919CB3A2DB71DC41CB50
                                                                                                  Function 0289CED7 Relevance: .2, Instructions: 171COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fa8935efa37a6214ea4499ca887bcb489189a337789c66604f3cc16baebb2850
                                                                                                  • Instruction ID: ffc998c2785aaaf023a576c9b06da4beaa2800f3dc3750724490242212ec28d2
                                                                                                  • Opcode Fuzzy Hash: fa8935efa37a6214ea4499ca887bcb489189a337789c66604f3cc16baebb2850
                                                                                                  • Instruction Fuzzy Hash: D651C538CA5343AFC74A2F30A1AD16E7BB0FB1F317758AD5CA00E950929B716065CF50
                                                                                                  Function 0289CEE8 Relevance: .2, Instructions: 167COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8d4e1ec348fda07774f9d27ce743fdc37af02c6c19da2de06fa61eb06894ec7e
                                                                                                  • Instruction ID: 1cb27757aa3b8e74e0ef610d2e42361fa9c49f365b6b42a940fc766dd3091020
                                                                                                  • Opcode Fuzzy Hash: 8d4e1ec348fda07774f9d27ce743fdc37af02c6c19da2de06fa61eb06894ec7e
                                                                                                  • Instruction Fuzzy Hash: 0051C338CA5347AFC30A2F30A1AD12FBBA4FB0F317798AC18A00E910929B316065CA50
                                                                                                  Function 0289E2E9 Relevance: .2, Instructions: 155COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ee8df01e116cd78a379e7405524b30d64f42ba1dbe95ce9a3490492f45aef3ee
                                                                                                  • Instruction ID: eb866874f0620b22ca27760d8ea00a9ed8993e2de8a3082ac6f319ad081a42c9
                                                                                                  • Opcode Fuzzy Hash: ee8df01e116cd78a379e7405524b30d64f42ba1dbe95ce9a3490492f45aef3ee
                                                                                                  • Instruction Fuzzy Hash: E561E078D00218DFDB25DFA4D894AEDBBB2BF89300F608529D805AB299DB349946CF50
                                                                                                  Function 0289CD20 Relevance: .1, Instructions: 139COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ef701ac9fd07af12530d9703a42095729adee11814f88e42a3f264dd396a1261
                                                                                                  • Instruction ID: 127489538f12af81533bd1f55426120ade5540bc887969513aab2b454770880d
                                                                                                  • Opcode Fuzzy Hash: ef701ac9fd07af12530d9703a42095729adee11814f88e42a3f264dd396a1261
                                                                                                  • Instruction Fuzzy Hash: 49519474E012089FDB54DFA9D584ADDBBF2FF89300F248169E819AB365DB31A941CF50
                                                                                                  Function 028938F9 Relevance: .1, Instructions: 138COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: be151f6184498c8d6a7d4cf2de425e018be23c3d5a4b05cbbbdc51c71e22bc36
                                                                                                  • Instruction ID: 36f5ebe5b0b741771efe16dd1326435136de54d88d23e38dce75e1fa7157e33e
                                                                                                  • Opcode Fuzzy Hash: be151f6184498c8d6a7d4cf2de425e018be23c3d5a4b05cbbbdc51c71e22bc36
                                                                                                  • Instruction Fuzzy Hash: 1751A578E01208DFDB48DFA9D59499DBBF2FF89300B248469E815AB325DB31AC46CF50
                                                                                                  Function 065ADCC0 Relevance: .1, Instructions: 136COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5ee27793acb3f57111ff8c09dc5d933f1e2371f49d516e6c112a1487116b1cf4
                                                                                                  • Instruction ID: 951b177e42aacab6d5f92ab1562ba31de9764bf0f3f06b3e7d7f7daeb8123b28
                                                                                                  • Opcode Fuzzy Hash: 5ee27793acb3f57111ff8c09dc5d933f1e2371f49d516e6c112a1487116b1cf4
                                                                                                  • Instruction Fuzzy Hash: 2A416635841319CFDB04AFB5D06C7EEBBB2FB4A316F9088A9D20163699CB791A44CF50
                                                                                                  Function 02893908 Relevance: .1, Instructions: 134COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 638ae0eb2761f4b0bd8cf240758c12a6d0b2a22b35fce053c893ed3c140e78c0
                                                                                                  • Instruction ID: d2d8280504a99701bbb67f9b5faada1d737dee7dde90e6207af39d38f067b825
                                                                                                  • Opcode Fuzzy Hash: 638ae0eb2761f4b0bd8cf240758c12a6d0b2a22b35fce053c893ed3c140e78c0
                                                                                                  • Instruction Fuzzy Hash: 46519778E01208CFDB48DFA9D59499DBBF2FF89300B249469E815AB364DB359C46CF50
                                                                                                  Function 065A9A49 Relevance: .1, Instructions: 132COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: eac3d85b14cd6254e5384fde48f56d6d33413d3a5a30f8cf9d2b8c3c3eedb556
                                                                                                  • Instruction ID: 240cceb6bb285923dabd522e26975d56a48293fb7ae8aa17cc4e1dd5eb18a66a
                                                                                                  • Opcode Fuzzy Hash: eac3d85b14cd6254e5384fde48f56d6d33413d3a5a30f8cf9d2b8c3c3eedb556
                                                                                                  • Instruction Fuzzy Hash: 5651E379D00218DFDB14DFA9D584BEDBBF2FB89310F20852AD415A7294E734A946CF50
                                                                                                  Function 0289F0F9 Relevance: .1, Instructions: 130COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 438cb138b2efa7ffc289c82166b41ade4e55f791bfb87eb890f721d6c5b3c281
                                                                                                  • Instruction ID: f1c577471f18935058ed88f17f7a7721cf19417aa9d77673042578c7007ad769
                                                                                                  • Opcode Fuzzy Hash: 438cb138b2efa7ffc289c82166b41ade4e55f791bfb87eb890f721d6c5b3c281
                                                                                                  • Instruction Fuzzy Hash: 4A51BD78D01228CFDB64DFA8C984BECBBB2BF89305F1454AAD409A7754D735AA81CF50
                                                                                                  Function 02899A73 Relevance: .1, Instructions: 125COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dc979651d125944c30c26f6c3d2387653854fd37d1e91d6d65bd05af8ec3a204
                                                                                                  • Instruction ID: 854a0d37f4be485a416dcf5bf103e23196d977df511170f1d4e118a614a7cc90
                                                                                                  • Opcode Fuzzy Hash: dc979651d125944c30c26f6c3d2387653854fd37d1e91d6d65bd05af8ec3a204
                                                                                                  • Instruction Fuzzy Hash: 5B419E39A04249DFDF15CFA8C844A9DBBB2EF49314F08845AE809DB2A5D335E961CB90
                                                                                                  Function 065A9500 Relevance: .1, Instructions: 116COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5382a51586b28024c8eada44382259c86e4d199bf12360985eabbeb0d037a1a6
                                                                                                  • Instruction ID: 5e448954a541d9689e3927300ed76faf9596e5b8a626a103a0b4ab12dbbf393a
                                                                                                  • Opcode Fuzzy Hash: 5382a51586b28024c8eada44382259c86e4d199bf12360985eabbeb0d037a1a6
                                                                                                  • Instruction Fuzzy Hash: 0E416071E103299BDB54CFA9C980BDEBBF1BF88710F148129E415B7384EB70A946CB90
                                                                                                  Function 0289D7DE Relevance: .1, Instructions: 113COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a9468742a8ea931a9c54c7cc80cfb4fd49db3b0ecc0932dd8eecb51a8b8ac30b
                                                                                                  • Instruction ID: 7bed475c781838ea487399a4d40862175fd858ecdb86e6e58a6a96fb41926201
                                                                                                  • Opcode Fuzzy Hash: a9468742a8ea931a9c54c7cc80cfb4fd49db3b0ecc0932dd8eecb51a8b8ac30b
                                                                                                  • Instruction Fuzzy Hash: F841167CD44208DFDF05EFA8D4846ADBBB2FB49304F689519D40AEB296D735A842CF18
                                                                                                  Function 065A9A58 Relevance: .1, Instructions: 111COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7079bbe0cae5efd3fd58c2e1d11c6327a12367d644c56f0b0cfabb285c8678d3
                                                                                                  • Instruction ID: 3c6e0b95499406066ac2aee0235f05f07d8fe8eb4afb2a11ed0f8adb6df9c31a
                                                                                                  • Opcode Fuzzy Hash: 7079bbe0cae5efd3fd58c2e1d11c6327a12367d644c56f0b0cfabb285c8678d3
                                                                                                  • Instruction Fuzzy Hash: BD41CF78E002189FDB54DFA9D588BEDBBF2BF89300F10852AD415A7298EB345946CF50
                                                                                                  Function 0289D77E Relevance: .1, Instructions: 107COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: de63f1e5aeda05633fff6840bee11a0ff51683b52965d30bf0fd36f757629c26
                                                                                                  • Instruction ID: 6e2eec194c1511236306eb180aab01a4322623aac62a393160eee4c09ca83442
                                                                                                  • Opcode Fuzzy Hash: de63f1e5aeda05633fff6840bee11a0ff51683b52965d30bf0fd36f757629c26
                                                                                                  • Instruction Fuzzy Hash: A041E078D05208DFDF01EFA8D5846ADB7B2BB49304F289519D409FB296D736A842CF58
                                                                                                  Function 0289D630 Relevance: .1, Instructions: 103COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cc770c37853b1479d230cbe215696eb0d1d191166bd042cbdafaae35e2f91a1d
                                                                                                  • Instruction ID: 6d0ca9d3ff5f63ea00e718e2e29f9e046cd3ce4b6e26848edfa7bc661fd7a91d
                                                                                                  • Opcode Fuzzy Hash: cc770c37853b1479d230cbe215696eb0d1d191166bd042cbdafaae35e2f91a1d
                                                                                                  • Instruction Fuzzy Hash: 8541E578D00208DFDF05EFAAD5446AEF7F2AB89304F18D529D408BB295D7759842CF58
                                                                                                  Function 02894DD0 Relevance: .1, Instructions: 101COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b0dbb485d31d6071bc91e0c43d8d8efd78fda4069739656cb4348476daece7e0
                                                                                                  • Instruction ID: 43cc274142460a0d96d85a1be1aa6b7241ec500e2037348b26d7252d608fbc0a
                                                                                                  • Opcode Fuzzy Hash: b0dbb485d31d6071bc91e0c43d8d8efd78fda4069739656cb4348476daece7e0
                                                                                                  • Instruction Fuzzy Hash: 9C316F3D6442099FCF0B9F64D4546AF3BA7EF88311F044458F909CB294CB75D866DBA0
                                                                                                  Function 065ADCB1 Relevance: .1, Instructions: 93COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8ebe482b56d53b8bbd92aa7b6877a7030989f93186956318a81352e1ad172f30
                                                                                                  • Instruction ID: 14fd112337c75b25d5c3d1f4e1d660e60ae97b1ae335671ece5578ad9303dd53
                                                                                                  • Opcode Fuzzy Hash: 8ebe482b56d53b8bbd92aa7b6877a7030989f93186956318a81352e1ad172f30
                                                                                                  • Instruction Fuzzy Hash: 1E319834C41309CFDB04AFB4D46C7AEBBB1FB8A302F9489A9D10167299CB781A44CF50
                                                                                                  Function 028976E8 Relevance: .1, Instructions: 92COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0622c1c7fa5a254242bd7154edf293e8ec2e7eb05c8a641f68f82dbf185b0b48
                                                                                                  • Instruction ID: 3281fccc3ef0d22951098e66d238edb29321840d93250b0784f53a4162bd2ac5
                                                                                                  • Opcode Fuzzy Hash: 0622c1c7fa5a254242bd7154edf293e8ec2e7eb05c8a641f68f82dbf185b0b48
                                                                                                  • Instruction Fuzzy Hash: B621007C7243006BEF26173A989437DAB97AFC960472C4479D90ACB3A1EF26CC439790
                                                                                                  Function 0289A819 Relevance: .1, Instructions: 89COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 468199f700373879473c829485bda9a931a207da52a986bd015b885c6c0812b0
                                                                                                  • Instruction ID: 922b881926229854cacacdceb95d68633e5ce68ed3e53e98b5bb2fa91751cb7a
                                                                                                  • Opcode Fuzzy Hash: 468199f700373879473c829485bda9a931a207da52a986bd015b885c6c0812b0
                                                                                                  • Instruction Fuzzy Hash: 43315278B005058FCB09CF69C8889AEBBB7FF89314B198159E566D73A5CB309D52CB90
                                                                                                  Function 028976F8 Relevance: .1, Instructions: 87COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e8cd69b843b8c736efa562f240f50f2eaade59ab11dbde1654df4e1845fd4471
                                                                                                  • Instruction ID: d4f83c78669b9e57d2a651182f610fef7270d1983b823da285aee2efeb6bc24a
                                                                                                  • Opcode Fuzzy Hash: e8cd69b843b8c736efa562f240f50f2eaade59ab11dbde1654df4e1845fd4471
                                                                                                  • Instruction Fuzzy Hash: 4521C57C7142006BEF25562AD89477EA68B9FC4758F2C8478D90ACB7A4EF26CC42D790
                                                                                                  Function 02891EF8 Relevance: .1, Instructions: 80COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7251c7b61509c569c11e4e52f867093628119a82e4c44de3f9d315ca6751d530
                                                                                                  • Instruction ID: 9e38289e0a50a14ed8aea1f2e2ee87383406a256cf920485e64237198b58b2f3
                                                                                                  • Opcode Fuzzy Hash: 7251c7b61509c569c11e4e52f867093628119a82e4c44de3f9d315ca6751d530
                                                                                                  • Instruction Fuzzy Hash: E3313AB8C0960A8FDF51EFA8C8552EDBFF4BB49310F08456AC408E7255E7305A45CBA2
                                                                                                  Function 02895A68 Relevance: .1, Instructions: 78COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5ce9ed464f6ed8ea6f2bed9aa4b2f83c4faaa3812f10f62f8ce7ee565400df84
                                                                                                  • Instruction ID: 085c7230ef5b685f16d758e4da913338009b1ae2824b066dc3b40076072e657b
                                                                                                  • Opcode Fuzzy Hash: 5ce9ed464f6ed8ea6f2bed9aa4b2f83c4faaa3812f10f62f8ce7ee565400df84
                                                                                                  • Instruction Fuzzy Hash: 2F21D63D7017118FCB1B9A69C4A462EB7A2BF8965170944A9E946CB395CF38DC16CBC0
                                                                                                  Function 02892060 Relevance: .1, Instructions: 77COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6d699dddf65dde0bd05b0c20f20e39ca95a08826e0ff9682e06803acc54071fd
                                                                                                  • Instruction ID: 05a18592214b782960b6f1c864d7a699a8e19e33517bd8fe88e9cf12c4e23f38
                                                                                                  • Opcode Fuzzy Hash: 6d699dddf65dde0bd05b0c20f20e39ca95a08826e0ff9682e06803acc54071fd
                                                                                                  • Instruction Fuzzy Hash: 68219539A00218AFCF14DF28C840BAE7BB5EB99350B54C519D919DB358DB31EE52CBD1
                                                                                                  Function 027CD044 Relevance: .1, Instructions: 72COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3818700430.00000000027CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027CD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_27cd000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9736db9b30fa0090fcf0595c0b95877c15e99fc50dd7148cc1883657c1c651a1
                                                                                                  • Instruction ID: a23bb5e8da8da03335194ed2e61220ef8964cd31daa54aeef46c970a7bb06ce7
                                                                                                  • Opcode Fuzzy Hash: 9736db9b30fa0090fcf0595c0b95877c15e99fc50dd7148cc1883657c1c651a1
                                                                                                  • Instruction Fuzzy Hash: 8C21B071504204AFDB24DF24D9C4B26BBA5FB88324F34C57DE94A4B252C736D487CA62
                                                                                                  Function 0289215C Relevance: .1, Instructions: 69COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7de7a36569aeb3cdd09f9ae8b6602a84c21151fe3cfe4c43aa197dcdadd90b41
                                                                                                  • Instruction ID: bb8f632aae0cbe3e55a80eb0e76b5eedecdfe68e133f9dc2fd617e201af7ef66
                                                                                                  • Opcode Fuzzy Hash: 7de7a36569aeb3cdd09f9ae8b6602a84c21151fe3cfe4c43aa197dcdadd90b41
                                                                                                  • Instruction Fuzzy Hash: 86115935E0435D9BCF01DBB89C105DEBB70FF89210B248256D625B7251E6316916CBA0
                                                                                                  Function 02894DC1 Relevance: .1, Instructions: 69COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4ad00a8eabed5e4bb66d770153a28a20dc2c45b81197401a2408bd46948e349d
                                                                                                  • Instruction ID: 98f28d3e33ab8d2d9f4f32ec66339308aa640b2c9dc001b92ca7d0a6e4a47691
                                                                                                  • Opcode Fuzzy Hash: 4ad00a8eabed5e4bb66d770153a28a20dc2c45b81197401a2408bd46948e349d
                                                                                                  • Instruction Fuzzy Hash: 6B21F23D6442499FCB179F68D4547AF3BA6EF88320F0440A9F949CB291CB749C66CB90
                                                                                                  Function 028939ED Relevance: .1, Instructions: 68COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9567e20025712bcc5a022e910faa332e46f353645d6594f061bfd9fa0e097cc1
                                                                                                  • Instruction ID: 860d7b285b94ae89f67a8ca862cd0b18cd4c66f070cc33a961ed195de4374e85
                                                                                                  • Opcode Fuzzy Hash: 9567e20025712bcc5a022e910faa332e46f353645d6594f061bfd9fa0e097cc1
                                                                                                  • Instruction Fuzzy Hash: 7D318078E41308DFCB48EFA8E59499DBBB2FF49301B20446AE819AB365D731AD05CF50
                                                                                                  Function 065A96F0 Relevance: .1, Instructions: 66COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 681e8c2eecb7bc6e826bedd19812ec4c8c60f3c2a27a5d8893b0f8e2144c15b9
                                                                                                  • Instruction ID: e8c03fbabc210a9c307bb89980c0485d950f4f7b309c75ecddef5d5cb23074fd
                                                                                                  • Opcode Fuzzy Hash: 681e8c2eecb7bc6e826bedd19812ec4c8c60f3c2a27a5d8893b0f8e2144c15b9
                                                                                                  • Instruction Fuzzy Hash: 25112B367043545FDB0A5EB458193AE3BB7DFC8350B55442EE509CB385DE344D1183E1
                                                                                                  Function 0289E208 Relevance: .1, Instructions: 63COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f5947cd43668a7b828c00d3925cd8b0886a359db6f171dd9ca3d2f2d6f6b45ce
                                                                                                  • Instruction ID: 5433d7f599ecfe0243ac0d95ef97275e49a3a0040691eca9aee92dea96a127ab
                                                                                                  • Opcode Fuzzy Hash: f5947cd43668a7b828c00d3925cd8b0886a359db6f171dd9ca3d2f2d6f6b45ce
                                                                                                  • Instruction Fuzzy Hash: 4D215E78D002099FDB45EFB8D55479EBFF2FF45300F0485AAD0489B266E7705A468B91
                                                                                                  Function 065AE0C0 Relevance: .1, Instructions: 62COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 812da0957d496d0ec5b0dbc22d4cc57ca639b8fd8fd3487e8d6d95d056bbeebb
                                                                                                  • Instruction ID: b42e4a7a5267daeb1bb8b79f1cec22e2f88694fa2731f2c4140006bd2382db67
                                                                                                  • Opcode Fuzzy Hash: 812da0957d496d0ec5b0dbc22d4cc57ca639b8fd8fd3487e8d6d95d056bbeebb
                                                                                                  • Instruction Fuzzy Hash: 6111E5347052149FE7060B7998546BBBBAFAFCA210B14487AE506C72D5DA348C0683B0
                                                                                                  Function 0289D61F Relevance: .1, Instructions: 62COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 89ddd8781b5120f9f7c7dd47f631671fe45e2fc44fb55fc424fca5e8a4c89610
                                                                                                  • Instruction ID: d3f63ca8a78735b72031b87e10ebaf7964d24ff95521583c124dbb0247b13959
                                                                                                  • Opcode Fuzzy Hash: 89ddd8781b5120f9f7c7dd47f631671fe45e2fc44fb55fc424fca5e8a4c89610
                                                                                                  • Instruction Fuzzy Hash: 08115979D042488BEF09DFBA94542EEBBF2AFCE300F08C069C458B7266D7309416CE54
                                                                                                  Function 02895A78 Relevance: .1, Instructions: 59COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2765520739fe87ad5ffbfd6a536f550c0ca6fc04bac95e54e1caa6e126211a57
                                                                                                  • Instruction ID: d007fddb0ae51272cbbebd484d0003e0724276933ee6cf73e9cf45b2a5b71c58
                                                                                                  • Opcode Fuzzy Hash: 2765520739fe87ad5ffbfd6a536f550c0ca6fc04bac95e54e1caa6e126211a57
                                                                                                  • Instruction Fuzzy Hash: 9911E53D7006119FDB1B9A2AD8A462EB796BFC465534904ADE90ACB390DF38DC128BC0
                                                                                                  Function 065A2670 Relevance: .1, Instructions: 55COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 09737bb4f6e0acdcfcd2e2577ce9ac0dc3b3029a4db51a240583a7af99aa7826
                                                                                                  • Instruction ID: 9e066fc34be20d7174b687e1f55b44626c3d0334bd8345562fccce34094c5ad7
                                                                                                  • Opcode Fuzzy Hash: 09737bb4f6e0acdcfcd2e2577ce9ac0dc3b3029a4db51a240583a7af99aa7826
                                                                                                  • Instruction Fuzzy Hash: 5211A175B002118FC754DF78E508A5E7BF8FF89661B100469E405CB311EB31DD158FA1
                                                                                                  Function 065A9328 Relevance: .1, Instructions: 55COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a248df3244bad5cfa6c447cfeda1d7b7de1f11d64b4fc4debfb61c9c8c627479
                                                                                                  • Instruction ID: 070e75124b368868d178646d88151f9b9abd417b09b421488e0a29b2f9c9d727
                                                                                                  • Opcode Fuzzy Hash: a248df3244bad5cfa6c447cfeda1d7b7de1f11d64b4fc4debfb61c9c8c627479
                                                                                                  • Instruction Fuzzy Hash: 9C1114B68003499FDB10CF99C945BDEBBF5EB48324F14841AE918A7650C339A950DFA5
                                                                                                  Function 02891F61 Relevance: .1, Instructions: 55COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ed77cdc5a490b2bf7bceca3729a7be6d54e59677b8b394928bb0fa381f4c82d4
                                                                                                  • Instruction ID: 50312457cef48e9466e22a723711ec6dc5cb34d840bf25fa0935f07e348672d5
                                                                                                  • Opcode Fuzzy Hash: ed77cdc5a490b2bf7bceca3729a7be6d54e59677b8b394928bb0fa381f4c82d4
                                                                                                  • Instruction Fuzzy Hash: B121DBB8C0520A8FCB41EFA8D8555EEBFF4BB09300F14456AD809B3255EB305A55CBA1
                                                                                                  Function 065A8EC1 Relevance: .1, Instructions: 54COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1b74b28193b50ffd8c843360ccd15e5dd8b6fb731aef8ed8b6eec6f64e101d18
                                                                                                  • Instruction ID: 5661171ff7e6151d97bfa8ab64e119d7563b2e931fcd8004a566e3b844f85a67
                                                                                                  • Opcode Fuzzy Hash: 1b74b28193b50ffd8c843360ccd15e5dd8b6fb731aef8ed8b6eec6f64e101d18
                                                                                                  • Instruction Fuzzy Hash: 11110074F4024A8FEB00DFE8D954BDEBBF6BB48311F448055E818AB345E73099428F51
                                                                                                  Function 065A9999 Relevance: .1, Instructions: 54COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 806f441b1b1fcc50fa9bd2bc7f957822e37ed4d505b7121884e2b7b779d676ab
                                                                                                  • Instruction ID: e3ea95f0930e2b4fc56929ef71e1c8091633fb48a2ff215834f6c08398d203e7
                                                                                                  • Opcode Fuzzy Hash: 806f441b1b1fcc50fa9bd2bc7f957822e37ed4d505b7121884e2b7b779d676ab
                                                                                                  • Instruction Fuzzy Hash: D31142B68002499FDB10CF99C945BEEBBF5EF48320F24841AE918A7250C339A590CFA5
                                                                                                  Function 0289E218 Relevance: .1, Instructions: 54COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: def4670674b536ea2b62fc545f9eac2060f9e98bca94c9c638258723b0c293ac
                                                                                                  • Instruction ID: 4714b340af889884eda396b94d9e3ad7eb4f6deb5fcfb7f4f14f3b50d7aeb4db
                                                                                                  • Opcode Fuzzy Hash: def4670674b536ea2b62fc545f9eac2060f9e98bca94c9c638258723b0c293ac
                                                                                                  • Instruction Fuzzy Hash: D0113778E002099FEB45EFB8D55479EBBF2FB44304F14C5AAC018AB265EB745A068B91
                                                                                                  Function 027CD03F Relevance: .1, Instructions: 53COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3818700430.00000000027CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027CD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_27cd000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                  • Instruction ID: 06be260e76f9b96aa4f652c853d6bc240e193e556bc26246bd7f9c2f4c9b1ab9
                                                                                                  • Opcode Fuzzy Hash: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
                                                                                                  • Instruction Fuzzy Hash: F9118E75504244DFCB25CF24D5C4B15BBA1FB48324F34C6ADD8494B656C33AD44ACF51
                                                                                                  Function 0289560F Relevance: .0, Instructions: 49COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b927bb364f6fd767e02d2dde1f20aaaf69f8345a1ecfc04aac1558f8f301298d
                                                                                                  • Instruction ID: 93d25f2d2463debddb14833a9186dd52b7ddb80ab39b4dd88f80a6e73687c250
                                                                                                  • Opcode Fuzzy Hash: b927bb364f6fd767e02d2dde1f20aaaf69f8345a1ecfc04aac1558f8f301298d
                                                                                                  • Instruction Fuzzy Hash: 7201B5BAB041146FCF079E549814AEF3BA7DFC8751F58806EF909DB290CA7698128B91
                                                                                                  Function 065A25E8 Relevance: .0, Instructions: 37COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8077ccb3d3b9ce5c33e14debc21cb65506dbf7d45d6cf79258d0c40631e2b726
                                                                                                  • Instruction ID: c89dfd84459ac5392f6cd9571ee2d51678058999a92e8419243f044d29e49d42
                                                                                                  • Opcode Fuzzy Hash: 8077ccb3d3b9ce5c33e14debc21cb65506dbf7d45d6cf79258d0c40631e2b726
                                                                                                  • Instruction Fuzzy Hash: F501E870E013198FDF44EFB9C8016AEBBF5BF48201F14856AD415E7254EB349A018F90
                                                                                                  Function 0289DF18 Relevance: .0, Instructions: 37COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b15c90dbd1fa7c11ee672d1aba37ce73eb18cfcc0a3cd146718cd3eb02b8528e
                                                                                                  • Instruction ID: 9e6eeb79b02f6ff368145c7d3e79ef29ccc06f9b78cabbf8b78f889e059be083
                                                                                                  • Opcode Fuzzy Hash: b15c90dbd1fa7c11ee672d1aba37ce73eb18cfcc0a3cd146718cd3eb02b8528e
                                                                                                  • Instruction Fuzzy Hash: 24F0EC799442458FCB049AB9681A3FA73B69BCB314F049428D604E3151C771D52F8595
                                                                                                  Function 065A9760 Relevance: .0, Instructions: 35COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1b7e7b1d9e973d4a5d4248fce1ed8a1b86117bec6dc03b3f0ee8b97f57c79e81
                                                                                                  • Instruction ID: e3088a970d5ef77548c7505fc693c996a5ca2b28ef5e3bdcde3f7424adaadbc1
                                                                                                  • Opcode Fuzzy Hash: 1b7e7b1d9e973d4a5d4248fce1ed8a1b86117bec6dc03b3f0ee8b97f57c79e81
                                                                                                  • Instruction Fuzzy Hash: DCF089367002196F8F065E989C449EF7FABEFC8350B40842DFA0987350DE719C2157B5
                                                                                                  Function 0289D459 Relevance: .0, Instructions: 35COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a4c634ed6e7b974c97731e4df0995473a17b57b06cac1f5ed2599fa1f9562687
                                                                                                  • Instruction ID: 206b1a21a6c871eeadacb56b1d3d13c0736e24c658f96cba8ee1dcaaa4f801bf
                                                                                                  • Opcode Fuzzy Hash: a4c634ed6e7b974c97731e4df0995473a17b57b06cac1f5ed2599fa1f9562687
                                                                                                  • Instruction Fuzzy Hash: 2EE02B38C042488BDB049EB9A81A2FAB7B79BCB304F44D468D604F7161C775B52B8655
                                                                                                  Function 0289D4C4 Relevance: .0, Instructions: 27COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c68888076c5f2fcc476a32c85a4c0d8162bc96b90e2f6977e7431630704c8e03
                                                                                                  • Instruction ID: af59a93c4e97016bcd57b278a9230c30599eba9dd55de792d1b826bab37b55a8
                                                                                                  • Opcode Fuzzy Hash: c68888076c5f2fcc476a32c85a4c0d8162bc96b90e2f6977e7431630704c8e03
                                                                                                  • Instruction Fuzzy Hash: 2EE0D87EC081408BDB059BA254160B97B70DDD3149B4CD0CBC049DB121D258E206D715
                                                                                                  Function 02892010 Relevance: .0, Instructions: 25COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 957f2ec1540e0499ca441381bb92c8ba98543ab88bb83a1e694f9c430ce5364b
                                                                                                  • Instruction ID: 67fb7c6cc30d1678d64c5483c349a5d095d6b6de7517abf1f870b88ccf48f973
                                                                                                  • Opcode Fuzzy Hash: 957f2ec1540e0499ca441381bb92c8ba98543ab88bb83a1e694f9c430ce5364b
                                                                                                  • Instruction Fuzzy Hash: A7E06830E183A30FC702A77C9C140EEBF319EC3310B1A46AAD090AB082DB30591BC391
                                                                                                  Function 02892020 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cd5a918ab688154d8ab7b24d59869ead82d1cd68784595906fb35959f2abfd76
                                                                                                  • Instruction ID: 01bee33d49dbe891f419d92e91c8902dac4829102c03bb42200e91b9da9e6017
                                                                                                  • Opcode Fuzzy Hash: cd5a918ab688154d8ab7b24d59869ead82d1cd68784595906fb35959f2abfd76
                                                                                                  • Instruction Fuzzy Hash: 46D05B31D2033A57CB10E7A5DC044DFFB38EED5321B514666D51437144FB706659C6E1
                                                                                                  Function 02898270 Relevance: .0, Instructions: 18COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                  • Instruction ID: a1e2264b36829093b1d595b46a0f7075b01ad8458ee3d34b9776fb6037e7bcc9
                                                                                                  • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                  • Instruction Fuzzy Hash: 6DC08C3B20C5282EAA2410CFBC45FA7BB8CE3C26B8E2D0137F61CC320098429C8041F4
                                                                                                  Function 0289A71D Relevance: .0, Instructions: 16COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0d0794764e8bb29ebb2747e68cc937a111e59c648b06d6958e932a53cc758739
                                                                                                  • Instruction ID: 76fac9c44710cee28cbcc3d5091e1c53ac52d35c352ad255b202bedfe5d6608f
                                                                                                  • Opcode Fuzzy Hash: 0d0794764e8bb29ebb2747e68cc937a111e59c648b06d6958e932a53cc758739
                                                                                                  • Instruction Fuzzy Hash: 62D0173BB400089FCB048F88E8408DDB7B6FB8C221B008016E911A3260C6319821CB90
                                                                                                  Function 02895EB0 Relevance: .0, Instructions: 16COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3c9fb6907c494f0375b71cb7004fa29b90e0a88f7561f6d0ea0cde1d07bcd0cd
                                                                                                  • Instruction ID: 15d6bed620be4fe8d5a6afd4ee034f45fd82aebe683cf3bae80ddafd6f9a4e20
                                                                                                  • Opcode Fuzzy Hash: 3c9fb6907c494f0375b71cb7004fa29b90e0a88f7561f6d0ea0cde1d07bcd0cd
                                                                                                  • Instruction Fuzzy Hash: 89D02B349083491BD727F734E8544443769AFC0204F4000E5B4444E02BFFB518568BB2
                                                                                                  Function 0289FBFB Relevance: .0, Instructions: 15COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 54db9ee94052efbad95eae75868177ab561e520b55dee53bbd8c721bf6b54a8a
                                                                                                  • Instruction ID: be5b0ce534599b6b3b92ddeadacca8a355844bf916cdc9e94a3105d4eac4f9e5
                                                                                                  • Opcode Fuzzy Hash: 54db9ee94052efbad95eae75868177ab561e520b55dee53bbd8c721bf6b54a8a
                                                                                                  • Instruction Fuzzy Hash: A2D0677DD4411C9BDF20DF58DA442DCB7B0EB85304F0414D6D909F2200D6306A508F22
                                                                                                  Function 02895EC0 Relevance: .0, Instructions: 12COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bc7f4cf8d352f70e1ff6cbc0b154abf24f940c9988516193b07fd4a9dba5d429
                                                                                                  • Instruction ID: 48576b0f2dcab49d024411d1945b68748d354222d222360dbd6299b0b3a3539e
                                                                                                  • Opcode Fuzzy Hash: bc7f4cf8d352f70e1ff6cbc0b154abf24f940c9988516193b07fd4a9dba5d429
                                                                                                  • Instruction Fuzzy Hash: 6CC0123490030947D55AF771E944595339EEEC0615F404550B0490D12ABFB5185646B1

                                                                                                  Non-executed Functions

                                                                                                  Function 065A2807 Relevance: 12.9, Strings: 10, Instructions: 388COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3826839657.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_65a0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: "$Hq$PHq$PHq$PHq$PHq$PHq$PHq$PHq$PHq
                                                                                                  • API String ID: 0-2204202469
                                                                                                  • Opcode ID: cbbe30a3f20039abc84d53a4cd13afd5be2e14be13ddb26b5f9190b9f96bc3f3
                                                                                                  • Instruction ID: 449e260aa0c13b9b37ba9a9a06fcc62a838ff41b5c966554bb3ece996597ac24
                                                                                                  • Opcode Fuzzy Hash: cbbe30a3f20039abc84d53a4cd13afd5be2e14be13ddb26b5f9190b9f96bc3f3
                                                                                                  • Instruction Fuzzy Hash: 0412C074E003188FEB68DF65D984B9DBBB2BF89300F1481A9D409AB365DB319E85CF50
                                                                                                  Function 028960A0 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.3819095247.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2890000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: \;q$\;q$\;q$\;q
                                                                                                  • API String ID: 0-2933265366
                                                                                                  • Opcode ID: e735a9badda961d0973f77db9af6bf101958009ec03837cbc9ac244c9f4db24c
                                                                                                  • Instruction ID: 517871b965e8bb5edb05a47f0837d9cb4dfb802f0705eaa63360560c74890929
                                                                                                  • Opcode Fuzzy Hash: e735a9badda961d0973f77db9af6bf101958009ec03837cbc9ac244c9f4db24c
                                                                                                  • Instruction Fuzzy Hash: 3101753DB001298FCF248A2DC591A2573EAAF8866471D4166D407DF371EE71DC41C750

                                                                                                  Executed Functions

                                                                                                  Function 0309CAE0 Relevance: 6.0, Strings: 4, Instructions: 983COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: TJq$Teq$pq$xbq
                                                                                                  • API String ID: 0-2466396065
                                                                                                  • Opcode ID: af7ac936f00df9553aec9281da6f6854dba82b1c1b150df3c74571cef8b092f6
                                                                                                  • Instruction ID: 3211bdcb6e470587b3254427ca0e8ca6b64ed5f4c5b972ad37f606a71d7f28bc
                                                                                                  • Opcode Fuzzy Hash: af7ac936f00df9553aec9281da6f6854dba82b1c1b150df3c74571cef8b092f6
                                                                                                  • Instruction Fuzzy Hash: ECA2B275E01228CFDB64CF69C984A99BBB2FF89300F1581E9D509AB365DB319E81DF40
                                                                                                  Function 05C7D9A8 Relevance: 3.1, Strings: 2, Instructions: 615COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: fq$8
                                                                                                  • API String ID: 0-1651916650
                                                                                                  • Opcode ID: 9ff05220ed1efabd373afd66f0e27f05bb5694ac505770f5fb071ee86dd32ff6
                                                                                                  • Instruction ID: 374ea1e46cd791d040d99fed122ff356c7b4106f1f8ac54f1a3ec89997c09907
                                                                                                  • Opcode Fuzzy Hash: 9ff05220ed1efabd373afd66f0e27f05bb5694ac505770f5fb071ee86dd32ff6
                                                                                                  • Instruction Fuzzy Hash: 2852C775E002298FDB64DF69D894AD9B7B2FF89300F5085EAD909A7354DB30AE81CF50
                                                                                                  Function 05C7D998 Relevance: 2.7, Strings: 2, Instructions: 167COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: fq$h
                                                                                                  • API String ID: 0-152923806
                                                                                                  • Opcode ID: 0249a142acb8c4262ff69763f19614d92e743e22707362e5438cf0a8ee3e0f24
                                                                                                  • Instruction ID: 67c1b4ded628c7a2b38fd1051ffcca83f34edf760f64db87c5bbd579a08b7391
                                                                                                  • Opcode Fuzzy Hash: 0249a142acb8c4262ff69763f19614d92e743e22707362e5438cf0a8ee3e0f24
                                                                                                  • Instruction Fuzzy Hash: 69711475E006298FEB64DF69C854BD9F7B2FF89300F0082AAD909A7254DB306E85CF50
                                                                                                  Function 03098A18 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'q$4'q
                                                                                                  • API String ID: 0-1467158625
                                                                                                  • Opcode ID: 17758d14c8fe6354f89422c8ebca6fe20c537f114ed0df4889ac4f80ddce06f5
                                                                                                  • Instruction ID: e7dce833578d5ee5f62b193a98d475ae5ec18531e3ab6454ef87ea0825d813f1
                                                                                                  • Opcode Fuzzy Hash: 17758d14c8fe6354f89422c8ebca6fe20c537f114ed0df4889ac4f80ddce06f5
                                                                                                  • Instruction Fuzzy Hash: 22712971E046099FEB58DF6AE884B9EBBF7FFC8311F04C129D404AB268DB3459068B51
                                                                                                  Function 03098A1D Relevance: 2.7, Strings: 2, Instructions: 163COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'q$4'q
                                                                                                  • API String ID: 0-1467158625
                                                                                                  • Opcode ID: 35fc521d96f6f2e1a9c840516a10b1fc17caddc3e44d23d3004672cd4d2f606d
                                                                                                  • Instruction ID: 17d221326bacbae4c9a6c4bb144698ff1379341189cd96fe8930d6c7652c00d2
                                                                                                  • Opcode Fuzzy Hash: 35fc521d96f6f2e1a9c840516a10b1fc17caddc3e44d23d3004672cd4d2f606d
                                                                                                  • Instruction Fuzzy Hash: C9611A71E046099FE758DF6AE885B9EBBF3FFC8311F04C129D405AB268DB3459068B51
                                                                                                  Function 05C70931 Relevance: .2, Instructions: 248COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 476049f6fb531618464d79dd97f658e0f97ab47bb432b14c4e5ca45d21bbc964
                                                                                                  • Instruction ID: 82cf7c2f26f102e854d3437f6603fb9110c3cfa6e1448e1f6cf48b37fec686e9
                                                                                                  • Opcode Fuzzy Hash: 476049f6fb531618464d79dd97f658e0f97ab47bb432b14c4e5ca45d21bbc964
                                                                                                  • Instruction Fuzzy Hash: 8AA10374A05208DFDB14CF69E488BADBBF2FB89315F1090AAD809B7690DB745E85CF40
                                                                                                  Function 0309E3E0 Relevance: 6.6, Strings: 5, Instructions: 346COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (q$(q$(q$(q$(q
                                                                                                  • API String ID: 0-3203009404
                                                                                                  • Opcode ID: 4d77dc69ef62aad6897f94a4c64ab4424c58a6c8d02ce549afcf692400f6b777
                                                                                                  • Instruction ID: 492db90977835d378dc7014a15df46d91614110a383e67077fc64ab43ab177d3
                                                                                                  • Opcode Fuzzy Hash: 4d77dc69ef62aad6897f94a4c64ab4424c58a6c8d02ce549afcf692400f6b777
                                                                                                  • Instruction Fuzzy Hash: 60B1D1327012118FEB54DF69E844AAEBBE6EFC4611B28406AE905CB391CF35DC06C7E1
                                                                                                  Function 05C7B086 Relevance: 3.8, Strings: 3, Instructions: 73COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +$9$=
                                                                                                  • API String ID: 0-3713639113
                                                                                                  • Opcode ID: 66cc7a984ee2f9de8839d7c951d3389952656c07c6189ba46a7658a564425af1
                                                                                                  • Instruction ID: 6585de59d9c8705b54c70025190873f29e322ab4d166d9cb2e78ca9e83c7107b
                                                                                                  • Opcode Fuzzy Hash: 66cc7a984ee2f9de8839d7c951d3389952656c07c6189ba46a7658a564425af1
                                                                                                  • Instruction Fuzzy Hash: CC31DF74A05268CFDB61CFA8D888BDCBBB2FB88315F1084EAD909A7640C7755E85CF10
                                                                                                  Function 05C7ACB3 Relevance: 3.8, Strings: 3, Instructions: 61COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +$,$D
                                                                                                  • API String ID: 0-4000123594
                                                                                                  • Opcode ID: 15660d742d8bc6ecca1db0313980d1401752d4f5f92a65b3f6a5fb2b37774300
                                                                                                  • Instruction ID: ed3104b1eb35fc46122c0f06830a316382e76b951c8e85e44a313d383e753ef2
                                                                                                  • Opcode Fuzzy Hash: 15660d742d8bc6ecca1db0313980d1401752d4f5f92a65b3f6a5fb2b37774300
                                                                                                  • Instruction Fuzzy Hash: F921DF74A00259DFDB60DF58E988BEDB7B2EB88315F0084EAD909A7640D7359E84CF14
                                                                                                  Function 05C7A76C Relevance: 3.8, Strings: 3, Instructions: 59COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +$,$D
                                                                                                  • API String ID: 0-4000123594
                                                                                                  • Opcode ID: 7f56001df5182d995908ce646820739331ee7381c8110cb0ed5becc8ded6edbf
                                                                                                  • Instruction ID: 1636764899582908c8d6f09d669b1a6aa2475c25a7d2b15e6518320140c4968a
                                                                                                  • Opcode Fuzzy Hash: 7f56001df5182d995908ce646820739331ee7381c8110cb0ed5becc8ded6edbf
                                                                                                  • Instruction Fuzzy Hash: 4321CF74A05258DFDB60CF98E888BDDB7F2EB49315F0084EAD919A7640C7759E85CF04
                                                                                                  Function 0309FAD0 Relevance: 2.8, Strings: 2, Instructions: 342COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (q$d
                                                                                                  • API String ID: 0-1617062230
                                                                                                  • Opcode ID: 63e14ce8deb9ce293516b1f20b1920030cd29218c7d787686e17d9faa3320533
                                                                                                  • Instruction ID: d21108e987cf838e86fc793ceca704b649b1cad26138d35016259880d6738653
                                                                                                  • Opcode Fuzzy Hash: 63e14ce8deb9ce293516b1f20b1920030cd29218c7d787686e17d9faa3320533
                                                                                                  • Instruction Fuzzy Hash: 6AD16C35601606CFDB24DF28D484AAAB7F6FF88311B19896AD55ACB751DB30FC42CB90
                                                                                                  Function 05C7B1CD Relevance: 2.6, Strings: 2, Instructions: 83COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ($+
                                                                                                  • API String ID: 0-2487998124
                                                                                                  • Opcode ID: 07cb7ca0e4f94613818c0f98e27db019fd4aa112ff5d2ce1f154b185a778074d
                                                                                                  • Instruction ID: ea906a33930464d4350bfb0e39b632f20daea8aea4832538bdfb2082cd61e22d
                                                                                                  • Opcode Fuzzy Hash: 07cb7ca0e4f94613818c0f98e27db019fd4aa112ff5d2ce1f154b185a778074d
                                                                                                  • Instruction Fuzzy Hash: 5C41C174A05268CFDB60CF68D948BDDBBB2FB89305F0084EAD909A7240C7755E85CF00
                                                                                                  Function 05C7A494 Relevance: 2.6, Strings: 2, Instructions: 54COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +$/
                                                                                                  • API String ID: 0-2439032044
                                                                                                  • Opcode ID: ba588fed01f086f6d7cb8f8a5216fe733919f638c9bfa3ccc691670c0b2b49e4
                                                                                                  • Instruction ID: 116ccd28ebba65092366fb71f00101a56b77ade8b2ac6f6a871ecd0250dc6806
                                                                                                  • Opcode Fuzzy Hash: ba588fed01f086f6d7cb8f8a5216fe733919f638c9bfa3ccc691670c0b2b49e4
                                                                                                  • Instruction Fuzzy Hash: 4D21EF74A0025ADFCB21CF98D848BDDB7B2FB89319F0085AAE919B3650C7756AC5CF40
                                                                                                  Function 06D00347 Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: T
                                                                                                  • API String ID: 0-3187964512
                                                                                                  • Opcode ID: ff0c07dbc677d71cad41b60ee52fe30d15f387141c41adc5eb77beb9c0b6278b
                                                                                                  • Instruction ID: c5041f845619638ddf62de4b2af59c850fa630067a64b28691f2de18cee0f1c2
                                                                                                  • Opcode Fuzzy Hash: ff0c07dbc677d71cad41b60ee52fe30d15f387141c41adc5eb77beb9c0b6278b
                                                                                                  • Instruction Fuzzy Hash: F7410578E08229CFDB64DF58C998BA9BBF1FF89305F0041E6D549A7281C7745E808F56
                                                                                                  Function 05C7D420 Relevance: 1.3, Strings: 1, Instructions: 77COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ILuV
                                                                                                  • API String ID: 0-1855505789
                                                                                                  • Opcode ID: f89b0ffa928b7da7478312f38bf01684ca130ac962337b18359de2f2a7056f88
                                                                                                  • Instruction ID: a5f42169fc19dc6568bba3889f1717d9018aa5b7ca691926197e9f7532835d09
                                                                                                  • Opcode Fuzzy Hash: f89b0ffa928b7da7478312f38bf01684ca130ac962337b18359de2f2a7056f88
                                                                                                  • Instruction Fuzzy Hash: ED214B74E04209DFDB44CFAAE844AAEB7F2FF89311F108565D41AAB754D734AA41CF90
                                                                                                  Function 05C7D430 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ILuV
                                                                                                  • API String ID: 0-1855505789
                                                                                                  • Opcode ID: 03d90b6a202297167e87a39b73c9f49ab600c90a5638a1e86c5129345467082e
                                                                                                  • Instruction ID: 696b4772f398a58e507148324463c4c60f3a789f90f1ff04f48e77ad3374008b
                                                                                                  • Opcode Fuzzy Hash: 03d90b6a202297167e87a39b73c9f49ab600c90a5638a1e86c5129345467082e
                                                                                                  • Instruction Fuzzy Hash: DB213970E04209DFDB44CFAAE844AAEB7F2FF88311F10C569D41AAB654E735AA41CF50
                                                                                                  Function 05C7AB2E Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +
                                                                                                  • API String ID: 0-2126386893
                                                                                                  • Opcode ID: 2e2b45556d8e519c77e2d7b44b77f30c3440ae6694ed5582f85f5dc61eb8c582
                                                                                                  • Instruction ID: 61db137c29a27435e09c512527ec4e615e0619b337666c110a61a56484405872
                                                                                                  • Opcode Fuzzy Hash: 2e2b45556d8e519c77e2d7b44b77f30c3440ae6694ed5582f85f5dc61eb8c582
                                                                                                  • Instruction Fuzzy Hash: 1E319D74A01258CFDBA4CF68D888BDDB7B2FB88301F4044EAD909A7290C7355E84CF10
                                                                                                  Function 05C7B5D5 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +
                                                                                                  • API String ID: 0-2126386893
                                                                                                  • Opcode ID: 88ffb57d102882b54d2af6efcce460b1c7b1cbe62b9d2d6ffd8c3b39124b6de1
                                                                                                  • Instruction ID: 0082cdbed0f2887c115a542c7e4c1b889391ab276b8df000f14d61739c8c5f4b
                                                                                                  • Opcode Fuzzy Hash: 88ffb57d102882b54d2af6efcce460b1c7b1cbe62b9d2d6ffd8c3b39124b6de1
                                                                                                  • Instruction Fuzzy Hash: A9317B74A05258CFDB60CF58D888BDDBBB2FB89315F0085EAD909A7690C7755E84CF10
                                                                                                  Function 05C7A363 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: +
                                                                                                  • API String ID: 0-2126386893
                                                                                                  • Opcode ID: 9229bdc8f4b7b89267f40a68264875ac883e7992612f8b76c71be4b16a053709
                                                                                                  • Instruction ID: aa685a3631bb1b29336c6719768003fd2ca891f833608e8d9cbbacc14f532d7d
                                                                                                  • Opcode Fuzzy Hash: 9229bdc8f4b7b89267f40a68264875ac883e7992612f8b76c71be4b16a053709
                                                                                                  • Instruction Fuzzy Hash: 19318974A05258CFDB60CF68D888BDDBBB2FB88315F0084EAE909A7690C7755E848F00
                                                                                                  Function 05C7A95B Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: !
                                                                                                  • API String ID: 0-2657877971
                                                                                                  • Opcode ID: 983578704316c21219240e67d5980a433c8484e88b1dd72e80f06edd4944e755
                                                                                                  • Instruction ID: 514f4416a0026963ba9c043304e6703f669ff56d7260fef5880729b82465c9ff
                                                                                                  • Opcode Fuzzy Hash: 983578704316c21219240e67d5980a433c8484e88b1dd72e80f06edd4944e755
                                                                                                  • Instruction Fuzzy Hash: 6821C374A00258DFDB54DFA4DC48BDDBBB2EB89306F1080A9D509AB384DB345E858F00
                                                                                                  Function 05C7AEBD Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: A
                                                                                                  • API String ID: 0-3554254475
                                                                                                  • Opcode ID: 11ee44e8c8cb3b376d1ac1b4d6ff61006f3ed28330de118d0493859d90ad76fc
                                                                                                  • Instruction ID: eb6e901f4ccba5432dcf4141cf06b12bf337eaea887d27874ab6ed6ed38e15b8
                                                                                                  • Opcode Fuzzy Hash: 11ee44e8c8cb3b376d1ac1b4d6ff61006f3ed28330de118d0493859d90ad76fc
                                                                                                  • Instruction Fuzzy Hash: 0B111674A002198FDB54DF64C888BADBBB2FB88305F1081AAD919A7385CB745E828F00
                                                                                                  Function 05C7A28D Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4
                                                                                                  • API String ID: 0-4088798008
                                                                                                  • Opcode ID: 7decfab61bed06dcbf1922e875f061d13560858bea71d42f5ce3e9043d9f8f0f
                                                                                                  • Instruction ID: 4871f05c5205e0905b36e8aa169486cf81c09450f5c98d87963c29353b50c60e
                                                                                                  • Opcode Fuzzy Hash: 7decfab61bed06dcbf1922e875f061d13560858bea71d42f5ce3e9043d9f8f0f
                                                                                                  • Instruction Fuzzy Hash: 94119AB89052298FDB60DF21C988BEDBBB1FB58305F1082E9C859A3290DB745AC5DF40
                                                                                                  Function 06D00445 Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 5
                                                                                                  • API String ID: 0-2226203566
                                                                                                  • Opcode ID: 4b2010cbe0a9a4ce91bf5a04a3b6a9c50960a1706623b7f17eb3fc7cc3daad37
                                                                                                  • Instruction ID: 870ed9b5db686766e559cc468507320b5e6a948c3adf6555b33c0da6a97e2532
                                                                                                  • Opcode Fuzzy Hash: 4b2010cbe0a9a4ce91bf5a04a3b6a9c50960a1706623b7f17eb3fc7cc3daad37
                                                                                                  • Instruction Fuzzy Hash: 76119378A052298FCB65DF58D888A99B7F1FB89300F1491E5E94DA3784CB345E81CF51
                                                                                                  Function 05C7AA27 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: E
                                                                                                  • API String ID: 0-3568589458
                                                                                                  • Opcode ID: 46a01ebc2cb117c02abdeb5d01dded216bd7e29f08b81934ab01f8e9353b2cac
                                                                                                  • Instruction ID: 42ac2a01589b3b37a9febe5d75f41a4130202f2e4d8d90b5f1f970e2d436abdf
                                                                                                  • Opcode Fuzzy Hash: 46a01ebc2cb117c02abdeb5d01dded216bd7e29f08b81934ab01f8e9353b2cac
                                                                                                  • Instruction Fuzzy Hash: C101E874A02218DFDB64DF64D998B9DBBB2FB88301F1041E9E509A7384C7785E81CF00
                                                                                                  Function 06D00EA3 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 6
                                                                                                  • API String ID: 0-498629140
                                                                                                  • Opcode ID: 74e7ef58b304ea61cb45e93d16c78391891d9e72d723df48050e45359dc00413
                                                                                                  • Instruction ID: fb161620b81ec36d1078401ca31f65ab41bb875078312db57fe24e6eedb4f991
                                                                                                  • Opcode Fuzzy Hash: 74e7ef58b304ea61cb45e93d16c78391891d9e72d723df48050e45359dc00413
                                                                                                  • Instruction Fuzzy Hash: 2CF01778A091158FD765DF68C898A9AB7F2FBC9304F0081E9E50DE3384CB349E818F11
                                                                                                  Function 05C77E48 Relevance: .3, Instructions: 317COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 38a3beca21dc7f770a82228239d1d7478c1e1ad4c56338365509ffe7e50047ef
                                                                                                  • Instruction ID: f7a4992641c3d640890ad65f6ea789ab171282e343911f00b566ec676aff4f42
                                                                                                  • Opcode Fuzzy Hash: 38a3beca21dc7f770a82228239d1d7478c1e1ad4c56338365509ffe7e50047ef
                                                                                                  • Instruction Fuzzy Hash: 60E12574E05218CFDB58DF69E888BADBBB2FB89305F1080A9D409A7794DB345E85CF11
                                                                                                  Function 05C77E39 Relevance: .3, Instructions: 307COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9dffbe05b95e0eb07d26fb5b9f2296a576456a9ddd61c61188112b4be9b85e1c
                                                                                                  • Instruction ID: bcc4b30252596b9292cf54696a2c2c472a3c6805434ed81300df068cbfae026d
                                                                                                  • Opcode Fuzzy Hash: 9dffbe05b95e0eb07d26fb5b9f2296a576456a9ddd61c61188112b4be9b85e1c
                                                                                                  • Instruction Fuzzy Hash: 54E14674E05218CFDB54DF69E888BADBBB2FB89305F1080A9D409A7794CB345E85CF11
                                                                                                  Function 05C77FD8 Relevance: .3, Instructions: 295COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ee673ba9fd86246031931b1fbc1b23e031347e2a67edd2c2c639bbc1d7f9da4b
                                                                                                  • Instruction ID: 42ea917e61adfd72949eb98e9bc75710a2cbbbad06e7ce9f0ef0d6b623210708
                                                                                                  • Opcode Fuzzy Hash: ee673ba9fd86246031931b1fbc1b23e031347e2a67edd2c2c639bbc1d7f9da4b
                                                                                                  • Instruction Fuzzy Hash: 63E12374E05218CFDB64DF69E898BADBBB2FB89305F1080A9D409A7794CB345E85CF11
                                                                                                  Function 05C77F70 Relevance: .3, Instructions: 292COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 95911cc6c5c7147f0b35f24609a7ae6d0ab09ad6931b2771da2854eedd93535a
                                                                                                  • Instruction ID: 6620edca69853d76d1f7fdf7ffe979ff6be32bcd0bad5c1f8bfa11b28f4e226a
                                                                                                  • Opcode Fuzzy Hash: 95911cc6c5c7147f0b35f24609a7ae6d0ab09ad6931b2771da2854eedd93535a
                                                                                                  • Instruction Fuzzy Hash: 50D12474E05218CFDB64DF69E898BADBBB2FB89305F1080A9D409A7794CB345E85CF11
                                                                                                  Function 05C788F4 Relevance: .3, Instructions: 265COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f34ce1b6c3433d5e96bc2755374da6dac8183a5318a86baaaddbea85b957968f
                                                                                                  • Instruction ID: 70be2ea3b29a0e5c8df848c5ed93492df00d002c5cd97473843769621e684ac2
                                                                                                  • Opcode Fuzzy Hash: f34ce1b6c3433d5e96bc2755374da6dac8183a5318a86baaaddbea85b957968f
                                                                                                  • Instruction Fuzzy Hash: CDC12670E06218CFDB54DFA9D888BADBBB2FB89305F1080A9D509A7794DB345E81CF05
                                                                                                  Function 05C78901 Relevance: .3, Instructions: 254COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3e5ccda16e95d07a69ba70af05a03c5677050eda2da20457144caeec93af3bf1
                                                                                                  • Instruction ID: 6d0e38f43748c057e48029d7ab6d9f9bf0acd02ea6af8cabe656ed2d2bf5bdd9
                                                                                                  • Opcode Fuzzy Hash: 3e5ccda16e95d07a69ba70af05a03c5677050eda2da20457144caeec93af3bf1
                                                                                                  • Instruction Fuzzy Hash: 88B10674E06218CFDB54DFA9D888BADBBB2FB89305F1080A9D509A7794DB345E81CF05
                                                                                                  Function 0309ECB0 Relevance: .2, Instructions: 208COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e9627b99645615b6a6f046cd9a1754434074916756d51925496820fa9e0531bb
                                                                                                  • Instruction ID: 7740d448dc0aad669bcb8e61a4e7504f5c09d7fb8a039965a2a5fa269e916830
                                                                                                  • Opcode Fuzzy Hash: e9627b99645615b6a6f046cd9a1754434074916756d51925496820fa9e0531bb
                                                                                                  • Instruction Fuzzy Hash: 9B814C35A01618CFDB24DF69C484A9DB7F5FF88750B1981AAE806DB360DB30ED42CB90
                                                                                                  Function 05C7F1A9 Relevance: .1, Instructions: 127COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2b31039a856c61ba677855ae5bca12e0333f6f0cb3c1513ad22be7331aad232d
                                                                                                  • Instruction ID: c309afbb82d1fcfdbbc5e4a31435d7926c833b2c37b0a3355dd8ea1a93c80329
                                                                                                  • Opcode Fuzzy Hash: 2b31039a856c61ba677855ae5bca12e0333f6f0cb3c1513ad22be7331aad232d
                                                                                                  • Instruction Fuzzy Hash: 0A513874E012099FDB44CFA9E884AEEBBF6FF89311F10846AE405A7350DB349A41CF90
                                                                                                  Function 05C7F1B8 Relevance: .1, Instructions: 124COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8a55e6ab5da0912c6525b8d08459ac01b16a3abdf764814c871883fa79dbed0b
                                                                                                  • Instruction ID: e6cc38d1b9dec58eca1f8344406fbf98361a6a3a67cd01bd8f1a013c0f30f7fb
                                                                                                  • Opcode Fuzzy Hash: 8a55e6ab5da0912c6525b8d08459ac01b16a3abdf764814c871883fa79dbed0b
                                                                                                  • Instruction Fuzzy Hash: 07512874E01209DFDB44CFA9E884AEEBBF6FB89311F10846AE415A7350DB349A41CF94
                                                                                                  Function 05C79B60 Relevance: .1, Instructions: 121COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b1620c8c264e665773006e9f13b8becc3c663a99758b92de53fee2e9c1a20109
                                                                                                  • Instruction ID: 723a1eb19bbeb81df37a668da81bdfe5ad20dbb6d185c950ad7ae1392d8250bb
                                                                                                  • Opcode Fuzzy Hash: b1620c8c264e665773006e9f13b8becc3c663a99758b92de53fee2e9c1a20109
                                                                                                  • Instruction Fuzzy Hash: E4513A74A01218CFDB50DFA8D848BEDBBB2FB89315F1081A9D809A7794DB385E85CF54
                                                                                                  Function 05C7E640 Relevance: .1, Instructions: 118COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 65b26bc8dabdf0aaf02fd88f66d8abe7a0faa38b837a42055795968279c6ab9b
                                                                                                  • Instruction ID: 183b48478990aa4a598acebe5dfdefb763461b62689ca2be939c97a7dbad7898
                                                                                                  • Opcode Fuzzy Hash: 65b26bc8dabdf0aaf02fd88f66d8abe7a0faa38b837a42055795968279c6ab9b
                                                                                                  • Instruction Fuzzy Hash: E3413575E0460CDFDB04DFA9D884AEDFBB6FF89310F00866AE415A7640DB70A985CB44
                                                                                                  Function 05C7E650 Relevance: .1, Instructions: 113COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1ae369d2ba5f912d233d6fda2977cdc7b386ac98bba3cb1af10fbe9fb5ae7540
                                                                                                  • Instruction ID: 574044b8ae2e250e70b66dd5bbe4c70a42b407a7d2ab4f54b1359b45aeb8cbe4
                                                                                                  • Opcode Fuzzy Hash: 1ae369d2ba5f912d233d6fda2977cdc7b386ac98bba3cb1af10fbe9fb5ae7540
                                                                                                  • Instruction Fuzzy Hash: 28413475E0461CDBCB04DFA9D884AEDFBB6FF89311F00866AE419B7640DB70A981CB40
                                                                                                  Function 03090870 Relevance: .1, Instructions: 99COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d0010a4421987af265d0369cdf5e545484b37a871afd8f390b4221d4ff5ca9f4
                                                                                                  • Instruction ID: 70b9b22bf1e1a58f23c0246d0386f95aa27b085e94a53cf63eaf93069da61ab4
                                                                                                  • Opcode Fuzzy Hash: d0010a4421987af265d0369cdf5e545484b37a871afd8f390b4221d4ff5ca9f4
                                                                                                  • Instruction Fuzzy Hash: 8F31A131E0030A8FCB04DFB8C884AAEBBF2FF89310F5585A6D505AB251D770A945CB90
                                                                                                  Function 05C7CE9C Relevance: .1, Instructions: 97COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 296506d14f24007a93c3b3d77b37d795b14feec2678644cfebc66676894a499e
                                                                                                  • Instruction ID: 46079cff5512a3cbb6f010ad39496f6e7baa31e2747385569aa77383f1ce4e8d
                                                                                                  • Opcode Fuzzy Hash: 296506d14f24007a93c3b3d77b37d795b14feec2678644cfebc66676894a499e
                                                                                                  • Instruction Fuzzy Hash: 5F41CE74A05218CFEB60CF68D948BEDBBF2FB48316F1045A9D909AB290D7755E84CF05
                                                                                                  Function 03090B18 Relevance: .1, Instructions: 90COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: da753006423dc0c10e092422905ad25cd1761e7fd5fe396ce1754d0ae89f5ce4
                                                                                                  • Instruction ID: c653db555314b3f4ea09ca084477849729b7de8c83db19d8a8b9911c470e7cb9
                                                                                                  • Opcode Fuzzy Hash: da753006423dc0c10e092422905ad25cd1761e7fd5fe396ce1754d0ae89f5ce4
                                                                                                  • Instruction Fuzzy Hash: BC31AF71E012489FEF10DB68C880A9EFBFAFF89754B14856AE845A7345DB30AD45CB90
                                                                                                  Function 03098CD5 Relevance: .1, Instructions: 89COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bf56248c63f306dcb47af6ca169131bba0f7fc2f9b976a82bffc6b0a24dcdf12
                                                                                                  • Instruction ID: 2c7fe7298d6620269fbfa39a2b4117d85f6aca9af0cd00ff33caafcddd241783
                                                                                                  • Opcode Fuzzy Hash: bf56248c63f306dcb47af6ca169131bba0f7fc2f9b976a82bffc6b0a24dcdf12
                                                                                                  • Instruction Fuzzy Hash: B83113B5D062099FEF04CFA9D4896ADBBF1FB8A200F1488A6D009A7320E7349A44DB50
                                                                                                  Function 03090C51 Relevance: .1, Instructions: 87COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c57f182c8e9297fcd3cab7368fd38eabb964f5b54145f037fb1b832cea3fdc07
                                                                                                  • Instruction ID: 183a6a9859e9df53447b5ca2a60a35f7dfdea6707c09eb7ec970f831bc0ae6ff
                                                                                                  • Opcode Fuzzy Hash: c57f182c8e9297fcd3cab7368fd38eabb964f5b54145f037fb1b832cea3fdc07
                                                                                                  • Instruction Fuzzy Hash: 02318E70E022189FDB51CBACD584ADDBBF2FF48314F4880AAE459AB241D730A841CBA1
                                                                                                  Function 030988C0 Relevance: .1, Instructions: 82COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2bbf2a1b8d9636da660a06fc97a2595baf5dce5812ac0043ef5465f8682e182b
                                                                                                  • Instruction ID: 8d96b506e0ffe0ee320b199e39e95b75791558dd5558259a8a959e14a605eea5
                                                                                                  • Opcode Fuzzy Hash: 2bbf2a1b8d9636da660a06fc97a2595baf5dce5812ac0043ef5465f8682e182b
                                                                                                  • Instruction Fuzzy Hash: 0F3141B0906208DFDB41DFA8C4887ADBFF5FB4A305F14C5AAD405A3345D7754A84CB66
                                                                                                  Function 05C74640 Relevance: .1, Instructions: 82COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d16462b9008dcbb3fdf08542b8503bc6dd67b3b092cf1a06337dc8f082829932
                                                                                                  • Instruction ID: 877707d71d45167be20dbb5dd35adc85daf7aaaa309b91b42f661397122e97f4
                                                                                                  • Opcode Fuzzy Hash: d16462b9008dcbb3fdf08542b8503bc6dd67b3b092cf1a06337dc8f082829932
                                                                                                  • Instruction Fuzzy Hash: 03311974E04228CBDB68CF26D884BADBBB6FB89300F0084EAD419A7644DB745A80CF04
                                                                                                  Function 03098CD0 Relevance: .1, Instructions: 79COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f115a613f994b710cdb7b28675fc5bcdf448ac110ab9eb04822f095f48af52d3
                                                                                                  • Instruction ID: aa01cce9e70af06dd582bb6a8460688753b102656279cb9c6e1e28858275662a
                                                                                                  • Opcode Fuzzy Hash: f115a613f994b710cdb7b28675fc5bcdf448ac110ab9eb04822f095f48af52d3
                                                                                                  • Instruction Fuzzy Hash: 3831E5B5D02209DFDB04DFA9D48869EBBF5FB49300F14C466E515A7310EB749A44DF50
                                                                                                  Function 0309081F Relevance: .1, Instructions: 78COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dcf185aa3ecaf447275421a94b361d6a5ef34051c516757e8d83fd14e9b5e989
                                                                                                  • Instruction ID: 3a6e575ab64e4ffcc1f346b60b4b5c959eac2dcb0faa479d5ae24a7d7e36f3ab
                                                                                                  • Opcode Fuzzy Hash: dcf185aa3ecaf447275421a94b361d6a5ef34051c516757e8d83fd14e9b5e989
                                                                                                  • Instruction Fuzzy Hash: 4D218B30E062459FDB45DF78C894AAEBBF2EF45314F1984EAD544DB262D634D842CB80
                                                                                                  Function 0309C938 Relevance: .1, Instructions: 76COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 808e278021c3937e303dd92480411a9bf0a8b201c5d9f49f3108a082a2c0e0ac
                                                                                                  • Instruction ID: 013aa822762f98441eb3c9898a4d6279dff4b5f067b081fd904197d38cb26b99
                                                                                                  • Opcode Fuzzy Hash: 808e278021c3937e303dd92480411a9bf0a8b201c5d9f49f3108a082a2c0e0ac
                                                                                                  • Instruction Fuzzy Hash: 4B2104B4E062098BEF04DFAAC4487EEFBF6FB8A300F04882AD515B7284DB7459459B55
                                                                                                  Function 05C7D049 Relevance: .1, Instructions: 76COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8766e1f71f07911f68caa5bdcf3acec6ef4836f7e10dde0c6ca1b14b94424c43
                                                                                                  • Instruction ID: 723e87c3e786a49fc7e798557fd1e619c3f146cacd0be445cbb1d5012dfbbdef
                                                                                                  • Opcode Fuzzy Hash: 8766e1f71f07911f68caa5bdcf3acec6ef4836f7e10dde0c6ca1b14b94424c43
                                                                                                  • Instruction Fuzzy Hash: 7841BD74A05219CFDB64CF69D948BACBBF2BF89325F1084AAD409A7651D7B44E84CF04
                                                                                                  Function 030988D0 Relevance: .1, Instructions: 74COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f6dcd019602b368609ee52551a2c68c1dc775c3eca6ef8db075e3dc313799a12
                                                                                                  • Instruction ID: 6e6268511b6ca1bcde32197dac4351eca926aa0900060652fff7ef400f18801f
                                                                                                  • Opcode Fuzzy Hash: f6dcd019602b368609ee52551a2c68c1dc775c3eca6ef8db075e3dc313799a12
                                                                                                  • Instruction Fuzzy Hash: D0314DB0906208EFEB40DFA8C0887AEBBF5FB8A305F14C5A6D405A3344DB744A84CF56
                                                                                                  Function 017BD048 Relevance: .1, Instructions: 74COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710199224.00000000017BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_17bd000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0a935c5027878b3be0ed7a5a5b9ffb43ce45e07cda924181d4420fb86860c602
                                                                                                  • Instruction ID: c542896b25f19033cfb0650345156bb67089376101131197816810a091cceb68
                                                                                                  • Opcode Fuzzy Hash: 0a935c5027878b3be0ed7a5a5b9ffb43ce45e07cda924181d4420fb86860c602
                                                                                                  • Instruction Fuzzy Hash: C221D371504204DFDB25DF54D9C0B66FBA5FB84318F2485A9E9094B242C336D446CBA2
                                                                                                  Function 05C7D7F0 Relevance: .1, Instructions: 73COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4656506826846755d3a749059fcd721fb9259e4a79e2ddc3127c5c8f7b177a8f
                                                                                                  • Instruction ID: d4b5ffcd8d7b6a250cca34459121bfaba2e86eebac7811093ac5fbbb3e72ea97
                                                                                                  • Opcode Fuzzy Hash: 4656506826846755d3a749059fcd721fb9259e4a79e2ddc3127c5c8f7b177a8f
                                                                                                  • Instruction Fuzzy Hash: A4218B70E04249DFCB44CFA9E845AAEBBF1FF88311F1085AAD81AA7751D7349A00CF91
                                                                                                  Function 05C7CE0C Relevance: .1, Instructions: 72COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 07269e5e97424e16a6b2436abfbbead680afb8497997db47b7c6f4d99f41e2cb
                                                                                                  • Instruction ID: 686957db5d38b1326e386db559c50d6b7ed020f77d1a3b02ef01aaf7269738f6
                                                                                                  • Opcode Fuzzy Hash: 07269e5e97424e16a6b2436abfbbead680afb8497997db47b7c6f4d99f41e2cb
                                                                                                  • Instruction Fuzzy Hash: 0131E274A0521DCFDB60CFA8C944BECBBF1BB48326F1084AAD409AB691D7759E84CF04
                                                                                                  Function 05C78548 Relevance: .1, Instructions: 71COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d6a3a424c6ea916fded9a0aa24242b3c74c49dec54afbce9945ec103f8d23c41
                                                                                                  • Instruction ID: 6fd736f219700fd4939ad8cbf07e060a303df257b8c5ed041181caf5b8c73c55
                                                                                                  • Opcode Fuzzy Hash: d6a3a424c6ea916fded9a0aa24242b3c74c49dec54afbce9945ec103f8d23c41
                                                                                                  • Instruction Fuzzy Hash: B7217AB0E0420DDFDB00CFA9D459BBEBBF2FB89300F508469D615A3680D7789A458F51
                                                                                                  Function 05C7D800 Relevance: .1, Instructions: 71COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0ca5e5caad05e9d99efe58746a213221b467aca330ed0e6786426bd5002dbf5f
                                                                                                  • Instruction ID: f180bbf8d811ff37310ccd84e0d8c518b6fb2a8a58aab820c90b05f74ed77262
                                                                                                  • Opcode Fuzzy Hash: 0ca5e5caad05e9d99efe58746a213221b467aca330ed0e6786426bd5002dbf5f
                                                                                                  • Instruction Fuzzy Hash: 6D214A70E04209DFCB44DFAAE845AAEB7F5FF48311F10856AD81AA7750D7749A40CF90
                                                                                                  Function 03090A20 Relevance: .1, Instructions: 70COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c01f55b70716ef0f5699d97a9bc00932a7ce476b00e761925188e55a7177b18d
                                                                                                  • Instruction ID: 77a78956d3de6c93fdb045133c235c1ba052084a867df900112db893458a88ed
                                                                                                  • Opcode Fuzzy Hash: c01f55b70716ef0f5699d97a9bc00932a7ce476b00e761925188e55a7177b18d
                                                                                                  • Instruction Fuzzy Hash: 6F21B071A013158FDF24CF69C844ADEFBF1FF88210B144A6EE496E7294DB34A808CB60
                                                                                                  Function 03090A0F Relevance: .1, Instructions: 69COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4f41c06b38fb79392ad0e472667927ef83af7d85b2ea7bc9a45a7189250dd10c
                                                                                                  • Instruction ID: 66bd0bb388347048d2a7ebbc9c60535e5d183a2b72c82b1f2a0dfe2a9423b25c
                                                                                                  • Opcode Fuzzy Hash: 4f41c06b38fb79392ad0e472667927ef83af7d85b2ea7bc9a45a7189250dd10c
                                                                                                  • Instruction Fuzzy Hash: 8A210830A023159FDF24CF69C844ADEFBF5FF84210F04496EE486A7255DB749808CBA1
                                                                                                  Function 03090861 Relevance: .1, Instructions: 69COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 96e61a9549f70d7a06242d3908a25f67683cf58a17d260ab7358d5371fbf5527
                                                                                                  • Instruction ID: 631a7d6751f3ea56288adbc71314b66ec22a11ce8395768454c999e966c35131
                                                                                                  • Opcode Fuzzy Hash: 96e61a9549f70d7a06242d3908a25f67683cf58a17d260ab7358d5371fbf5527
                                                                                                  • Instruction Fuzzy Hash: 86214430F012098FDF44DF68C488AAEBBF6FB49300F1584EAD545DB266D635D8428B81
                                                                                                  Function 0309FEE8 Relevance: .1, Instructions: 69COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 75f452cfb721dbc2472270cd3206b73a89c6e304411ec8fc45d4591ffcaf72c0
                                                                                                  • Instruction ID: f388affa859b81fd2d4b68e5fd611de34b1947911d075c541d76128422b4e8ec
                                                                                                  • Opcode Fuzzy Hash: 75f452cfb721dbc2472270cd3206b73a89c6e304411ec8fc45d4591ffcaf72c0
                                                                                                  • Instruction Fuzzy Hash: 0A211575A002098FDB54DFA4C990ADDB7F2FF88311F2041A9E505BB2A5CB72AD45CBA0
                                                                                                  Function 05C78558 Relevance: .1, Instructions: 68COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dd023da043c9e14a43eea408c0852ee9b5e731dc60faa8a3d882bf9e2606df3e
                                                                                                  • Instruction ID: 3ebd870fb2f4e11d6c97ff4c231e1e935b780d7832168f0eed9c1f332267cf4a
                                                                                                  • Opcode Fuzzy Hash: dd023da043c9e14a43eea408c0852ee9b5e731dc60faa8a3d882bf9e2606df3e
                                                                                                  • Instruction Fuzzy Hash: BE2159B0E0420DDFDB00CFA9D458BAEBBF6FB89301F508825D615A3680DB785A458F51
                                                                                                  Function 05C7CD55 Relevance: .1, Instructions: 66COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ee43c934a027974d2f08e2888213d9452736df9a54b466aea5cc9d9cabb59b4c
                                                                                                  • Instruction ID: 14172efc54b56b5f47b071579bd4f5f5007d9f5a8a6018eea2ff7329c9519d63
                                                                                                  • Opcode Fuzzy Hash: ee43c934a027974d2f08e2888213d9452736df9a54b466aea5cc9d9cabb59b4c
                                                                                                  • Instruction Fuzzy Hash: 9131C070A0521DCFDB60CFA8D948BECBBF1BB49326F10849AD509AB691D7B55E84CF04
                                                                                                  Function 05C7F370 Relevance: .1, Instructions: 65COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 50b1788c8b9636983c22a120a2fb69a1e5be3c11ac4bde3c4ad420e207ddbc18
                                                                                                  • Instruction ID: 9f8e7f05ccc1951fd724052f2a09c5e4822ac81842def07d54bbdcda1693f351
                                                                                                  • Opcode Fuzzy Hash: 50b1788c8b9636983c22a120a2fb69a1e5be3c11ac4bde3c4ad420e207ddbc18
                                                                                                  • Instruction Fuzzy Hash: B421E7B4D04209AFCB41DFA9D884AAEBBF6FB48310F00856AE855A3711D7349A41DFA0
                                                                                                  Function 0309DD18 Relevance: .1, Instructions: 58COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b950669301fd874e8648fa276fdb956c8dff1c053e4e0db5c0899c3cd4e00a4f
                                                                                                  • Instruction ID: 081281c221cea52edb29b4ba24bb9b6abd0260c32dd6f051282f6adc142aec06
                                                                                                  • Opcode Fuzzy Hash: b950669301fd874e8648fa276fdb956c8dff1c053e4e0db5c0899c3cd4e00a4f
                                                                                                  • Instruction Fuzzy Hash: FE113470D02209CFEF04DFAAD444AEEBBF6FB88310F14842AE519B3210D7745A85DBA0
                                                                                                  Function 05C7F380 Relevance: .1, Instructions: 57COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e3dea7e9d9fb2476807b14d2b7001a8a7e795780f47debb898eacb9596643c16
                                                                                                  • Instruction ID: d1f724ad845079a02001433fe33edda4ac3f9e094436f86b9e57618705e2cd29
                                                                                                  • Opcode Fuzzy Hash: e3dea7e9d9fb2476807b14d2b7001a8a7e795780f47debb898eacb9596643c16
                                                                                                  • Instruction Fuzzy Hash: 1321A2B4D0421DDFCB44DFAAD884AAEBBF6FB48310F00856AE919A7351D7349A41DF90
                                                                                                  Function 017BD043 Relevance: .1, Instructions: 55COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710199224.00000000017BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_17bd000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c17b92067f9f392c36d9c2df8838e5273bef87ad497ca21dd9e73911e0fdf5c2
                                                                                                  • Instruction ID: fecdc1ef8c8c5dc48678b0816549526f17f472b674a9765e7e050e721679f4c0
                                                                                                  • Opcode Fuzzy Hash: c17b92067f9f392c36d9c2df8838e5273bef87ad497ca21dd9e73911e0fdf5c2
                                                                                                  • Instruction Fuzzy Hash: 5B11D376504244CFCB26CF54D9C4B56FF71FB84314F24C5A9D8094B656C33AD41ACBA2
                                                                                                  Function 05C7F7C8 Relevance: .1, Instructions: 54COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 760b8b53c19618334a95f90afeeaca56fa46ef297c9c443260383a7019b883ad
                                                                                                  • Instruction ID: 344992a45c42bf996bf0e03b1bf11fa6eb529249218a87c40bfb6a653335affe
                                                                                                  • Opcode Fuzzy Hash: 760b8b53c19618334a95f90afeeaca56fa46ef297c9c443260383a7019b883ad
                                                                                                  • Instruction Fuzzy Hash: AC11C3B4E04209DFDB44DFAAD580AAEBBF1FF49310F20856AD914A7364D7305A81DF90
                                                                                                  Function 05C7F740 Relevance: .0, Instructions: 50COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b64cfde3f55243c8f22e793f5afcc9a4b7d1db0367d30df39434b9bec7ca2bfe
                                                                                                  • Instruction ID: 6a85fef6d257eb49d1f2447193351690537bb0cac0d2dce7096f05a6d4572fe9
                                                                                                  • Opcode Fuzzy Hash: b64cfde3f55243c8f22e793f5afcc9a4b7d1db0367d30df39434b9bec7ca2bfe
                                                                                                  • Instruction Fuzzy Hash: DE112AB9D08249AFDB00DFA6D9409AEBFF9FB48300F1080AAE855E3350D7305A40DFA0
                                                                                                  Function 05C7F7D8 Relevance: .0, Instructions: 49COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c5f4ff525c84b426f6773802e703afef1d5c903b998b31f7edc25739d7f32a68
                                                                                                  • Instruction ID: 484c822cacaa3ca65dd207cb59d69b4e351a061144023b145e7c7c1a2fabc12d
                                                                                                  • Opcode Fuzzy Hash: c5f4ff525c84b426f6773802e703afef1d5c903b998b31f7edc25739d7f32a68
                                                                                                  • Instruction Fuzzy Hash: 3211B3B4E04209DFCB44DFAAD484AAEBBF1FB49300F10856AD914A7310D7305A81DF90
                                                                                                  Function 06D1F030 Relevance: .0, Instructions: 46COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 19aec9e454459cffe43faba0e3359dbd3cc52bdde3dc7b77306627d62a6d3a75
                                                                                                  • Instruction ID: 60733d4cc374c4223da9d5f3db03b64098d2a2db15094eeee29336f058ef5717
                                                                                                  • Opcode Fuzzy Hash: 19aec9e454459cffe43faba0e3359dbd3cc52bdde3dc7b77306627d62a6d3a75
                                                                                                  • Instruction Fuzzy Hash: 6E11B7B4E0030A9FDB44DFA9C9457AFFBF1FF88300F14856A9518A7354DA705A418B95
                                                                                                  Function 017AD01D Relevance: .0, Instructions: 45COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710140301.00000000017AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017AD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_17ad000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 080e233c1b43a6a8a16920c9be83beff307e43bd635c3250cb1d578e169f0cf2
                                                                                                  • Instruction ID: 546c43e4a4e8271a87617499664ce8426cc42edd8d52599af0b251c857777a97
                                                                                                  • Opcode Fuzzy Hash: 080e233c1b43a6a8a16920c9be83beff307e43bd635c3250cb1d578e169f0cf2
                                                                                                  • Instruction Fuzzy Hash: B901F771544340AEE7304AA5C984B67FBD8EF816A4F08825AED480F682C2799442CAB2
                                                                                                  Function 06D03967 Relevance: .0, Instructions: 44COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 71c1be44e5ba4eb37b88f651907f19f7fe26ab192b0396d63c61d36df298f2e3
                                                                                                  • Instruction ID: 4cc31f78d1bfd51de1481e7d4778ff512fb118c554540ef0a9741df2c5496221
                                                                                                  • Opcode Fuzzy Hash: 71c1be44e5ba4eb37b88f651907f19f7fe26ab192b0396d63c61d36df298f2e3
                                                                                                  • Instruction Fuzzy Hash: 5021CE74A41229CFEB64CF18C988BD9BBF1BF88308F4455E5E909A7680D7709E848F16
                                                                                                  Function 05C7F750 Relevance: .0, Instructions: 42COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2ff9b8374edd3b50d87a47643ddd276405acc2925fc63bc53062c8899e028346
                                                                                                  • Instruction ID: 527e4c2a6ac235ae4479706fe2e3719964bcb8b9e91904c5b334bd87bb3b7cb4
                                                                                                  • Opcode Fuzzy Hash: 2ff9b8374edd3b50d87a47643ddd276405acc2925fc63bc53062c8899e028346
                                                                                                  • Instruction Fuzzy Hash: 3F01ED74D0424DEFCB44DFAAD9409AEBBF5FB48300F1085AAE855A3350D7305A40DF90
                                                                                                  Function 05C7E500 Relevance: .0, Instructions: 39COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 66ca8f361c43ac319fa2d8d860035c878cc1ebacc2b8c3c86bf4a472be81e921
                                                                                                  • Instruction ID: e6132793026ed0d9443bbc6c8a267fc021fa260a1a1a4ae9d9d705ee53ca7c0d
                                                                                                  • Opcode Fuzzy Hash: 66ca8f361c43ac319fa2d8d860035c878cc1ebacc2b8c3c86bf4a472be81e921
                                                                                                  • Instruction Fuzzy Hash: 6601AD71C00B09ABDB11DFA5D8009D9FBB8FF89310B00C65AE85473211E731BA95CBA0
                                                                                                  Function 03090993 Relevance: .0, Instructions: 38COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6456c585252ff2c636cad1e28347626aef5fa99090ca497bb60ad7498abccb8f
                                                                                                  • Instruction ID: 6c9d10bcb901d9f41da182328ca0a94491568ee69ab09f49280089f4e026b438
                                                                                                  • Opcode Fuzzy Hash: 6456c585252ff2c636cad1e28347626aef5fa99090ca497bb60ad7498abccb8f
                                                                                                  • Instruction Fuzzy Hash: C7F0A4319052489BDF15D764C454AAEBBB69F44300F05C566D402AB341DF74690A97D2
                                                                                                  Function 05C7BA88 Relevance: .0, Instructions: 38COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 47704a4524dcc495b018ff9d1616fe06e20c8e46303c5fa5ff4978dba992454b
                                                                                                  • Instruction ID: 6189c3acbba7f4716555f20b0eb30ea65d4700ae0bcfc51ea172d1ecfadeb48a
                                                                                                  • Opcode Fuzzy Hash: 47704a4524dcc495b018ff9d1616fe06e20c8e46303c5fa5ff4978dba992454b
                                                                                                  • Instruction Fuzzy Hash: 4B014F3280474ADBCF01DF95D8009EEBB75FF49324F04C559E99473211E771A666DB90
                                                                                                  Function 05C7BFA2 Relevance: .0, Instructions: 37COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1e5c14b2a5e638e3039dc9177d8ea37771ac3729a9d07bf2eb1d5ab7e5c7d06b
                                                                                                  • Instruction ID: 727393a312c42801fbae04de6f35544f3b7215c810aa00650c4ffa7067276cec
                                                                                                  • Opcode Fuzzy Hash: 1e5c14b2a5e638e3039dc9177d8ea37771ac3729a9d07bf2eb1d5ab7e5c7d06b
                                                                                                  • Instruction Fuzzy Hash: C9112370A0621DCFDB64CF14D888BE8B7B2BB05319F1094E5C909A3A54DBB44EC4CF08
                                                                                                  Function 017AD01C Relevance: .0, Instructions: 36COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710140301.00000000017AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017AD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_17ad000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9d1200f42568104d643f08e7a1ee4496d288369f61073b7f71246d344c95ab76
                                                                                                  • Instruction ID: 1f712827ff251aeeb4582f8f5c3823e6bb998a9f33048e2061f6c7aa652b05d4
                                                                                                  • Opcode Fuzzy Hash: 9d1200f42568104d643f08e7a1ee4496d288369f61073b7f71246d344c95ab76
                                                                                                  • Instruction Fuzzy Hash: A4F0F671004340AEEB208F1ACD84B67FFD8EB81674F18C25AED480F683C3799841CAB1
                                                                                                  Function 05C7BA98 Relevance: .0, Instructions: 32COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8377c44f194990e1756643f8308e95fb2b3bc71982a3cce8818b9e083b5523d0
                                                                                                  • Instruction ID: 314d9e2721d6733aeee8a73f0141b3df1693d318feaf40747511d657f5f1baf9
                                                                                                  • Opcode Fuzzy Hash: 8377c44f194990e1756643f8308e95fb2b3bc71982a3cce8818b9e083b5523d0
                                                                                                  • Instruction Fuzzy Hash: CEF0EC3180061EDBCF01EF99D8449EEBB75FF89324F00C519E95827210E771A5A5DB90
                                                                                                  Function 05C7EA35 Relevance: .0, Instructions: 32COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3729e6ec4036f3049be4add5cb0464ff5eeb1a3ebc26a2fd2c22a9d5c1181d2a
                                                                                                  • Instruction ID: c7e0a3183beebef12864b592b4b468eb496611cfc0322bbb5042fc04608d78fd
                                                                                                  • Opcode Fuzzy Hash: 3729e6ec4036f3049be4add5cb0464ff5eeb1a3ebc26a2fd2c22a9d5c1181d2a
                                                                                                  • Instruction Fuzzy Hash: DD01A575A00659CBCB60DF68D854799F7B1FF89300F50869AE54AB3640DB70AE85CF50
                                                                                                  Function 05C7C23F Relevance: .0, Instructions: 32COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b86866451728eb4ff6261a314518c9b85240fbdbf39490c08d01a26ecc09c754
                                                                                                  • Instruction ID: 80834e7e78ec64f23aa400ad301bd10ebdde39404662ad7062f96fb78160c8fa
                                                                                                  • Opcode Fuzzy Hash: b86866451728eb4ff6261a314518c9b85240fbdbf39490c08d01a26ecc09c754
                                                                                                  • Instruction Fuzzy Hash: 0101F6759042199FDB60CF50CC44BD9B7BAFB49304F10819AE509A7280DB759EC9CF50
                                                                                                  Function 05C7E510 Relevance: .0, Instructions: 31COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 874ed2ecda5aa441d46900885b0311eb21e5200b9d66cc465acd12d726051dfa
                                                                                                  • Instruction ID: 8b7603bc6437cd8d52b0b4bca09531830e286af6b1851ea483bc3165efdc00d9
                                                                                                  • Opcode Fuzzy Hash: 874ed2ecda5aa441d46900885b0311eb21e5200b9d66cc465acd12d726051dfa
                                                                                                  • Instruction Fuzzy Hash: 70F0E771D0070A9BCB14DFA9D8449D9F7B8FF89320F14D65AD95833600E771AA95CFA0
                                                                                                  Function 05C79967 Relevance: .0, Instructions: 30COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 620b6b853d3b003fa8dff3ff81b6b5b9d676aa10e1dd79da1c27abbb78cf093e
                                                                                                  • Instruction ID: f9608de6b4c7cd78a3391fab32d75e1e1f5d2342cfc101595cf117d4df5ce89d
                                                                                                  • Opcode Fuzzy Hash: 620b6b853d3b003fa8dff3ff81b6b5b9d676aa10e1dd79da1c27abbb78cf093e
                                                                                                  • Instruction Fuzzy Hash: C5014674E042489FDB51CF66D0946ADBFB2EF8A201F20419AC866A7292DB385984CF51
                                                                                                  Function 05C7C928 Relevance: .0, Instructions: 29COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c3d71d0597e485bfa5b8ff4e012e1ddba55edbd286c622115307b85ccb1de04c
                                                                                                  • Instruction ID: ed39ffed0e9e974d163c8f02f6669ce185581eb65978ea02fd6f8aad6f358584
                                                                                                  • Opcode Fuzzy Hash: c3d71d0597e485bfa5b8ff4e012e1ddba55edbd286c622115307b85ccb1de04c
                                                                                                  • Instruction Fuzzy Hash: EDF09A35808389EFCB02CFA4D840AACBFB5AB49300F14C09AEC9457352D3318B11EB80
                                                                                                  Function 05C7A0B8 Relevance: .0, Instructions: 29COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c334a7b1e1ad3369d571b0d0cb49b86fa5c35c045c6459ac0d60ea6ca6eef289
                                                                                                  • Instruction ID: b253afb5964bfcb49185fab769d2fa167e8a47fd14b0790b90328439e07efea9
                                                                                                  • Opcode Fuzzy Hash: c334a7b1e1ad3369d571b0d0cb49b86fa5c35c045c6459ac0d60ea6ca6eef289
                                                                                                  • Instruction Fuzzy Hash: BFF03A39408248AFCB02DF90D944AADBFB5AB59304F14C899EC8517252D3329A65EB51
                                                                                                  Function 05C71009 Relevance: .0, Instructions: 29COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0ac7cadcf58a6d8d3a668115e5db51225287e75e889299e14c8bbb72fe70d1dd
                                                                                                  • Instruction ID: 0ce192ad5849b836337f600ff1011df3af7a55ce96921140fa5178744b789d15
                                                                                                  • Opcode Fuzzy Hash: 0ac7cadcf58a6d8d3a668115e5db51225287e75e889299e14c8bbb72fe70d1dd
                                                                                                  • Instruction Fuzzy Hash: CEE0923440D2C89FD711CB60E890ABEBFB5EB46301F1881DAD84497351C6324E02CB90
                                                                                                  Function 05C7C5AC Relevance: .0, Instructions: 28COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d8aef38a0e818f6e74df15ce48ac5492e1708d1e8e8a3968f9ab7b0a7d6bd195
                                                                                                  • Instruction ID: 467e9afe08ebaee36d13b23cfbd8384c88d0f779e70f7410f79a8e43ab48d36d
                                                                                                  • Opcode Fuzzy Hash: d8aef38a0e818f6e74df15ce48ac5492e1708d1e8e8a3968f9ab7b0a7d6bd195
                                                                                                  • Instruction Fuzzy Hash: 7F01F67090521A8FDB60CF58D884BEAB7F5BB08304F1081E5D818A7644D7759EC8CF04
                                                                                                  Function 05C7E838 Relevance: .0, Instructions: 28COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b4c865f9b40cb708fe31145cc8f59152c677c18b20d2e95270149639cdd8f49b
                                                                                                  • Instruction ID: 3e193bb67666706cfbf6243f5afbe1c1bb54774beb021665a65cd06f128e146e
                                                                                                  • Opcode Fuzzy Hash: b4c865f9b40cb708fe31145cc8f59152c677c18b20d2e95270149639cdd8f49b
                                                                                                  • Instruction Fuzzy Hash: A1F05E35908208EFCB00DF99C545A9CFBB8EB44304F00C0A9E80897712D3319A55DB40
                                                                                                  Function 05C72A31 Relevance: .0, Instructions: 28COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e848a55ca68e83c1e169af4b9dbb35f26ed92b4575dc3acc6c49434715031bd4
                                                                                                  • Instruction ID: 40db3272c0795784203a87f8be63ebfbeb011f662dc95dbe8d922ded23362eea
                                                                                                  • Opcode Fuzzy Hash: e848a55ca68e83c1e169af4b9dbb35f26ed92b4575dc3acc6c49434715031bd4
                                                                                                  • Instruction Fuzzy Hash: 5AE09234509688DFCB11CBA5E8409BABF71EB47321F1491DBD80897B52C2324E46CB92
                                                                                                  Function 05C7D7A8 Relevance: .0, Instructions: 27COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d483e30ea8ca25a8eefe7fad8bfc2b7eb607cec310ee199ad84440f8cab4055b
                                                                                                  • Instruction ID: 83b82ca6888952087000a0b1e434ab6cd031108d084f690c08642c5fa8827296
                                                                                                  • Opcode Fuzzy Hash: d483e30ea8ca25a8eefe7fad8bfc2b7eb607cec310ee199ad84440f8cab4055b
                                                                                                  • Instruction Fuzzy Hash: 3CF0E5B4808388AFC741DFA8D841A68BFF4EF05204F1084EAC889D3701E3315E82CB41
                                                                                                  Function 05C78738 Relevance: .0, Instructions: 27COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5997d1a437bd0bd90cbd76f20a085fdbfbc4ea1499f4e59cf689a2f6f7be1645
                                                                                                  • Instruction ID: 0058a638a9db3fd737e99178047097fb7a1a2d7c228896de36498c46d8a1a13e
                                                                                                  • Opcode Fuzzy Hash: 5997d1a437bd0bd90cbd76f20a085fdbfbc4ea1499f4e59cf689a2f6f7be1645
                                                                                                  • Instruction Fuzzy Hash: EBF0A075D08208AFC701DFA4C984AACBBB4EB48300F00C1EAE984A7341D331AA45DB50
                                                                                                  Function 05C7FE78 Relevance: .0, Instructions: 27COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cb73c5b47fdcb3301e01bd878935c6d71c160159c879b50f1afbc7f38a64e1c8
                                                                                                  • Instruction ID: c2160638d3ec6bab79eed74a56f48cf5f1346ae13d52ad6abc133a1d5ad08d04
                                                                                                  • Opcode Fuzzy Hash: cb73c5b47fdcb3301e01bd878935c6d71c160159c879b50f1afbc7f38a64e1c8
                                                                                                  • Instruction Fuzzy Hash: 68F03078905308AFD700DBA5E9819ADBBB4FB45310F1080E9E84497352D7319E45DB81
                                                                                                  Function 05C7D3D9 Relevance: .0, Instructions: 27COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 30d0cbafb445dea530d2a5ee697c06cfe00fdf1003307e144f9c46311836af51
                                                                                                  • Instruction ID: be3a774af1c38bbd959800bc8cd46a74eb344de2ab09ebd7a9134b6912f9e47f
                                                                                                  • Opcode Fuzzy Hash: 30d0cbafb445dea530d2a5ee697c06cfe00fdf1003307e144f9c46311836af51
                                                                                                  • Instruction Fuzzy Hash: A5F06574908348AFC791DBA4D844A6ABFF4EF45304F1484E9D889D7352E731AB45CB41
                                                                                                  Function 05C73570 Relevance: .0, Instructions: 26COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 370ba3f1be04675c288228d3736e4b1fc47b7a30f4f3a0ba193f63ee2f0f176d
                                                                                                  • Instruction ID: 4c6a3995c4ab1a771785d9c7f67464c1b2f15a768c9f6e5d96c66290a30b9fa9
                                                                                                  • Opcode Fuzzy Hash: 370ba3f1be04675c288228d3736e4b1fc47b7a30f4f3a0ba193f63ee2f0f176d
                                                                                                  • Instruction Fuzzy Hash: 99F0ED309083888FCB40CFA4C848AA8BFB0EB4A300F1484EEC84597212C2318A02DB20
                                                                                                  Function 05C7D950 Relevance: .0, Instructions: 26COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cd2599ae429267da17e8d18446525aa66014884ede2ced303075d9a6b5b3c022
                                                                                                  • Instruction ID: a659293e18c5e07c6f39371edb7b6916bed87182e4cf88f89c0b72462d2cf640
                                                                                                  • Opcode Fuzzy Hash: cd2599ae429267da17e8d18446525aa66014884ede2ced303075d9a6b5b3c022
                                                                                                  • Instruction Fuzzy Hash: 69F03074909248AFC740DBB4D585658BBF4EB09315F1484D99889D3352E7319A45CB81
                                                                                                  Function 05C79ADF Relevance: .0, Instructions: 26COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 20ba92d539e707bb559abf7c4d9559543a3185aae44f6ef9ba5911dae79fbb46
                                                                                                  • Instruction ID: e142e5c02ca33bf5950c0ebfd228c3784cefc9de9f028f7882b5c39d112a7c07
                                                                                                  • Opcode Fuzzy Hash: 20ba92d539e707bb559abf7c4d9559543a3185aae44f6ef9ba5911dae79fbb46
                                                                                                  • Instruction Fuzzy Hash: 77F0C470E04208CFDB90DF69D4547ADBBB2EB89305F20805EC419B3684CB780985CF55
                                                                                                  Function 05C7F160 Relevance: .0, Instructions: 25COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f5ec6e169bcb159758957805f691d9e1143274eed489feec8633dc57a6062605
                                                                                                  • Instruction ID: c7772966306d7f6725f60faf12c85501259e7b55af59a03d0f8223b15d6b9d69
                                                                                                  • Opcode Fuzzy Hash: f5ec6e169bcb159758957805f691d9e1143274eed489feec8633dc57a6062605
                                                                                                  • Instruction Fuzzy Hash: ACF03938409388FFCB05CFA4E981DAABFB5AF4A310F1481AED98417252C6715A56DFA1
                                                                                                  Function 05C7A8BD Relevance: .0, Instructions: 25COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f8d9b655aff842d9920ac459c1e5c9ae19f36dfea6c4cfcc107c04de8d158a8f
                                                                                                  • Instruction ID: b5615d77db516b6651ae74f1a4a459409f59660063668f4689fd19547e616d70
                                                                                                  • Opcode Fuzzy Hash: f8d9b655aff842d9920ac459c1e5c9ae19f36dfea6c4cfcc107c04de8d158a8f
                                                                                                  • Instruction Fuzzy Hash: 95F09DB49052288FDB25DF21D998BADBBB2FB48315F1095EA850A63681C7784E888F10
                                                                                                  Function 0309DAF0 Relevance: .0, Instructions: 24COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1d5089106cf59262539c3be374f318980d94db2490cc4e708398081ba262cb0a
                                                                                                  • Instruction ID: bbdf495105511836bb4f078941c59f1e93298a9de53da0d47621d7e65cf29b28
                                                                                                  • Opcode Fuzzy Hash: 1d5089106cf59262539c3be374f318980d94db2490cc4e708398081ba262cb0a
                                                                                                  • Instruction Fuzzy Hash: 78F0C974E05208EFCB84DFA8D545A9DFBF5EB48310F10C0AAAC1893351D7329A51EF40
                                                                                                  Function 06D1A3D0 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c88092ce3e04405b267eb6de73b3fd2b338e126ddd011b1bdff28eab9f89eccf
                                                                                                  • Instruction ID: 6914b375878f6b9e4643b6c4b236a628a4a150b7c4f58d2af268eb411555996f
                                                                                                  • Opcode Fuzzy Hash: c88092ce3e04405b267eb6de73b3fd2b338e126ddd011b1bdff28eab9f89eccf
                                                                                                  • Instruction Fuzzy Hash: 88E0C974D05208EFCB84DFA9D584A9DBBF4EB48310F14C0A9981897340D6719E52DF81
                                                                                                  Function 06D15C30 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c88092ce3e04405b267eb6de73b3fd2b338e126ddd011b1bdff28eab9f89eccf
                                                                                                  • Instruction ID: 1abaf636fecc733a5d14b0104391933b3e7ac375b7a66f32a4b7a449f3a14676
                                                                                                  • Opcode Fuzzy Hash: c88092ce3e04405b267eb6de73b3fd2b338e126ddd011b1bdff28eab9f89eccf
                                                                                                  • Instruction Fuzzy Hash: 5DE0ED74E04208EFCB84DFA8E545A9DFBF5EB88310F10C0A9981997341D7759A51DF80
                                                                                                  Function 06D1D530 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c88092ce3e04405b267eb6de73b3fd2b338e126ddd011b1bdff28eab9f89eccf
                                                                                                  • Instruction ID: 6602ff713ac96fb81a9700a4840342b64e46c446dfbc52775cb45ef160365a95
                                                                                                  • Opcode Fuzzy Hash: c88092ce3e04405b267eb6de73b3fd2b338e126ddd011b1bdff28eab9f89eccf
                                                                                                  • Instruction Fuzzy Hash: CEE0ED74D04208EFDB84DFA8D585AADFBF5EF49314F10C0A9981897341D7719A51DF81
                                                                                                  Function 05C77DF8 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 92576aa553708f0ad687880357311b6ddf15dc099f1bdad55d8e9472474e60e7
                                                                                                  • Instruction ID: dd0c3b90a206e21012890f053c2f11664cb3f34af4898295761456ef048d5264
                                                                                                  • Opcode Fuzzy Hash: 92576aa553708f0ad687880357311b6ddf15dc099f1bdad55d8e9472474e60e7
                                                                                                  • Instruction Fuzzy Hash: A4E0DF3590C34C9FC704CBA0D981AADBBF8EB42300F14D0EDC88857381CA31AE06CB41
                                                                                                  Function 05C7CFC6 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cfc063c002da001d7479f7ef5be40ac46d71c08e3b4442169a7827f42081d371
                                                                                                  • Instruction ID: 3a8810e683522dd7cfc9a7742faf59cf69fd4a6b9fdae54b47a32cfe960f4ea1
                                                                                                  • Opcode Fuzzy Hash: cfc063c002da001d7479f7ef5be40ac46d71c08e3b4442169a7827f42081d371
                                                                                                  • Instruction Fuzzy Hash: E9F0D47490521ACFDB60CF58D5887DEBBF2FB48311F1050A5A44AA7691CB748E85DF04
                                                                                                  Function 05C71FD8 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bacd7c11d44cd2c5ad21612e835d3f1a82c68e05cb62040eca8f558b43c1e8cc
                                                                                                  • Instruction ID: fb7c90c5c5107358cbace9a2bae56ea9e6d2a5e5c4814aee12a9d8496a118c96
                                                                                                  • Opcode Fuzzy Hash: bacd7c11d44cd2c5ad21612e835d3f1a82c68e05cb62040eca8f558b43c1e8cc
                                                                                                  • Instruction Fuzzy Hash: ADE09234A0D2849FCB15DBA4D8849A9FF71AB46301F2481DED40957351C7325A55CB61
                                                                                                  Function 05C7F668 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 57b7314fb3c930e9440220a4ffa2099229fc46ad11669280b492b990de6da999
                                                                                                  • Instruction ID: 9d758554f7d64a74575f078e2be5cc8b46d2a130e92cafef9070b96e8d6f2f1b
                                                                                                  • Opcode Fuzzy Hash: 57b7314fb3c930e9440220a4ffa2099229fc46ad11669280b492b990de6da999
                                                                                                  • Instruction Fuzzy Hash: 0AE0C274E0420CEFCB44DFA9D584AADBBF5EB48310F10C5AE9819A3350D7329A51DF84
                                                                                                  Function 05C7C938 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 16d3fd4b1dd4950d78b6f1cf080e49b4f728125be4cd264f97202270340a7f00
                                                                                                  • Instruction ID: 2a0c65be311eb017adbb43c140712d2afc9c11359c17875174b9bd706a226693
                                                                                                  • Opcode Fuzzy Hash: 16d3fd4b1dd4950d78b6f1cf080e49b4f728125be4cd264f97202270340a7f00
                                                                                                  • Instruction Fuzzy Hash: D8F0323490820DEFCB40CF94D844AADBBB9EB48310F10C0AAED1853391D6329A21EF80
                                                                                                  Function 05C7A0C8 Relevance: .0, Instructions: 23COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a8f3a8b67049345a1e0d8e2683e0f38290469f6d2cfffb42bba7ab76cee84ae3
                                                                                                  • Instruction ID: f73a75da32208f51b1a9b28df6a4d05563ba33db281406c1b9631609953de8be
                                                                                                  • Opcode Fuzzy Hash: a8f3a8b67049345a1e0d8e2683e0f38290469f6d2cfffb42bba7ab76cee84ae3
                                                                                                  • Instruction Fuzzy Hash: D5E0C23590820CEBCB05DF94D944AAEBBBAEB49310F10C899AD0527251D7329A61EB91
                                                                                                  Function 05C73CB1 Relevance: .0, Instructions: 22COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 580df86e33008f1cccf4eef70aa7fbd504a6fb41c8023c74b3828432e56e578e
                                                                                                  • Instruction ID: 4bf75975dcbef2025505b14cab11798bd2c06a135ce654f54e7dc159b3e4acf6
                                                                                                  • Opcode Fuzzy Hash: 580df86e33008f1cccf4eef70aa7fbd504a6fb41c8023c74b3828432e56e578e
                                                                                                  • Instruction Fuzzy Hash: 47E09A35908208DFC708EBA0D59EE69FBF8EB45304F24D5ADE8092B352C731AA41DB40
                                                                                                  Function 05C7E848 Relevance: .0, Instructions: 22COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b6c510cf47b8a132c40cebe60038e3f82fdfca3535e750bb9ea39429500b095d
                                                                                                  • Instruction ID: a16c515cc9c898bf7c2ad79943f0c0dca1f7d42d5ca7945fe8dc5afcc5f9a2ad
                                                                                                  • Opcode Fuzzy Hash: b6c510cf47b8a132c40cebe60038e3f82fdfca3535e750bb9ea39429500b095d
                                                                                                  • Instruction Fuzzy Hash: 8FE0C235904208EFCB44DFA9D584AADBBB9EB48310F10C5AAAC1867351D7329A51DF81
                                                                                                  Function 06D1FED8 Relevance: .0, Instructions: 21COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8cb1ffbb91206088813e5ba1dbd928937e32a8a298f3a9d8470d9f29b2843dae
                                                                                                  • Instruction ID: aac1a11831692e743db040716c1ab122bd6680b7fc2df69b5eeba50923d7812c
                                                                                                  • Opcode Fuzzy Hash: 8cb1ffbb91206088813e5ba1dbd928937e32a8a298f3a9d8470d9f29b2843dae
                                                                                                  • Instruction Fuzzy Hash: D1E08674908348EFC744DF94E545E6DBBF8EB45310F20C0A9D84497341C7719B41DB91
                                                                                                  Function 06D1FB08 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4e7a83fefef4170887d484d355c7639e16c55a7e0a1e542c0866eaf15e69d838
                                                                                                  • Instruction ID: 1a948284aad3636bec8a42e9930c35d3c7705a907b6baae1d6df8bfe9e07d858
                                                                                                  • Opcode Fuzzy Hash: 4e7a83fefef4170887d484d355c7639e16c55a7e0a1e542c0866eaf15e69d838
                                                                                                  • Instruction Fuzzy Hash: E7E04F34D04208EFC744DF94E594AACFBF4EB88300F10C0E9D85857341D671AA01DF80
                                                                                                  Function 06D18818 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4e7a83fefef4170887d484d355c7639e16c55a7e0a1e542c0866eaf15e69d838
                                                                                                  • Instruction ID: 79daa8df8184f2ee81b34dbc317b3dcaa9512635d5b1ee81bc3347c5b64683c2
                                                                                                  • Opcode Fuzzy Hash: 4e7a83fefef4170887d484d355c7639e16c55a7e0a1e542c0866eaf15e69d838
                                                                                                  • Instruction Fuzzy Hash: A8E01A34D04208EFC744DF94E544AACBBF4EB48200F10C0E99C5857341D7719A02DF80
                                                                                                  Function 05C75D41 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 92351c31f80c5927826a0e955807e93475daaafa128f0e8e87ebc184a53ab0c1
                                                                                                  • Instruction ID: 97194c4beee8bf8372334f8ac5f97aeeee843652238777d59a3ea8bcab15e1f4
                                                                                                  • Opcode Fuzzy Hash: 92351c31f80c5927826a0e955807e93475daaafa128f0e8e87ebc184a53ab0c1
                                                                                                  • Instruction Fuzzy Hash: C0F0157490405D8BCB28CF28D4847AABAB2FB46304F4014E6E86662681D7380A84DE14
                                                                                                  Function 05C7D7B8 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 63e0c4953e2fe3a8fd35888b136d16424e19fc56e384465c20cb42bd6fb0b16d
                                                                                                  • Instruction ID: 066e7b1589f9b68c281698f37916454309321154b522c4b33e893ffe23b1bad3
                                                                                                  • Opcode Fuzzy Hash: 63e0c4953e2fe3a8fd35888b136d16424e19fc56e384465c20cb42bd6fb0b16d
                                                                                                  • Instruction Fuzzy Hash: 19E0E67490424CDFC744DFA8D585B9DBBF4EF48214F1084E99909D7745E7319E41CB81
                                                                                                  Function 05C79766 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 147081f3687cd1684efac353cc95368081df5a662527b50330e637727d78c5e7
                                                                                                  • Instruction ID: ad6db3ead74af3b3dba475e189cf2edcc7cf1531ba0f09b413f501a1ee630205
                                                                                                  • Opcode Fuzzy Hash: 147081f3687cd1684efac353cc95368081df5a662527b50330e637727d78c5e7
                                                                                                  • Instruction Fuzzy Hash: BCE09A3550420CEFCF05CFA0D984EADBBB2FB49310F14C499AD1527251C7329A61EF40
                                                                                                  Function 05C7FE88 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5c2e82a4bea9872e1d8a0803674df92eefdad4ababefc8315f3048f02e559f6b
                                                                                                  • Instruction ID: 744a2188a2afa82f3d509f9d99d66229746080bd35ab2d814c1f797e6f975b18
                                                                                                  • Opcode Fuzzy Hash: 5c2e82a4bea9872e1d8a0803674df92eefdad4ababefc8315f3048f02e559f6b
                                                                                                  • Instruction Fuzzy Hash: 7AE01A74D04208EFC704DF99D584AACB7F4FB89300F10C0AD980863341D7319A01CF40
                                                                                                  Function 05C7D960 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 63e0c4953e2fe3a8fd35888b136d16424e19fc56e384465c20cb42bd6fb0b16d
                                                                                                  • Instruction ID: f81fe342a8d1b53d3600b6207512477beed5ed7024293ee2c0284f9e453ce620
                                                                                                  • Opcode Fuzzy Hash: 63e0c4953e2fe3a8fd35888b136d16424e19fc56e384465c20cb42bd6fb0b16d
                                                                                                  • Instruction Fuzzy Hash: D6E0BF74904208DFC744DFA8D585B5DBBF5EB48214F1084A9984A93351EB319A41CB81
                                                                                                  Function 05C7F170 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b262e899851e00d8a755c4bb9ca232361368ef5f5dbbd77b43c207039c26e40b
                                                                                                  • Instruction ID: 35138037a6995ddab5f10ee3af6700df5ceec6ff5f519b9e26a79469c31ab8a9
                                                                                                  • Opcode Fuzzy Hash: b262e899851e00d8a755c4bb9ca232361368ef5f5dbbd77b43c207039c26e40b
                                                                                                  • Instruction Fuzzy Hash: 53E0463490820CEBCB04DF95DA84EADBBB5EB49320F10C1A9980423340C6329A52DF80
                                                                                                  Function 05C7D3E8 Relevance: .0, Instructions: 20COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 63e0c4953e2fe3a8fd35888b136d16424e19fc56e384465c20cb42bd6fb0b16d
                                                                                                  • Instruction ID: bca558195878c230235461fbb1ba085d9572bd99cf3dd1af6425d24c029d77c6
                                                                                                  • Opcode Fuzzy Hash: 63e0c4953e2fe3a8fd35888b136d16424e19fc56e384465c20cb42bd6fb0b16d
                                                                                                  • Instruction Fuzzy Hash: 4DE0B674904248EFC784DFA8D585AADBBF4EB48214F2084E9980997741E632AA42CB41
                                                                                                  Function 06D1DEB8 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f298e0bdba9f04244f50096e2bc8fe213a95b9fe7ff46485a0441ec0e193e775
                                                                                                  • Instruction ID: 498e039b305218fce6c13ac1eab21bd0c0e0664282cca9da34825254063f7b5b
                                                                                                  • Opcode Fuzzy Hash: f298e0bdba9f04244f50096e2bc8fe213a95b9fe7ff46485a0441ec0e193e775
                                                                                                  • Instruction Fuzzy Hash: E1E08C34908208EBC704DF94E584A6DFBB9EB45311F1080A8984867340CB72AE02CB80
                                                                                                  Function 06D1B248 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 18b9c5baf15616f38ee129e427c5b88ba6c80fc513119fa5165ed35eb34e8a3e
                                                                                                  • Instruction ID: a322e48059634bce3dfe962946a99489edcec49ee8c3fb3c3d430d80ab36ca04
                                                                                                  • Opcode Fuzzy Hash: 18b9c5baf15616f38ee129e427c5b88ba6c80fc513119fa5165ed35eb34e8a3e
                                                                                                  • Instruction Fuzzy Hash: 49E01275D01308EFDB90EFF6A504B9FB7E8DB46214F0044AA950597110EA724A14EB96
                                                                                                  Function 0309CA90 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6fea86192d7ef7e548950a95f79a38f4ecf2109f38b5c6f6d35466246952a530
                                                                                                  • Instruction ID: 0e00c34b57da536eeec42ab06ea7c7f05ea78e5d80f12ff33c8fb31dc058114a
                                                                                                  • Opcode Fuzzy Hash: 6fea86192d7ef7e548950a95f79a38f4ecf2109f38b5c6f6d35466246952a530
                                                                                                  • Instruction Fuzzy Hash: C7E0EC71801308EFDB51EFB2A558B9BB7F9EB05215F1044AAD50AA3110EA725A04DBA5
                                                                                                  Function 05C73580 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction ID: 2ee8b026a4db20a0b1a62d37742648819c0fee4ec9c96c297aa462cd10939f0d
                                                                                                  • Opcode Fuzzy Hash: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction Fuzzy Hash: 47E0C23490820CDBCB04DF94D588A6DBBF4EB49301F10C8E8C80813340C7329E02DB80
                                                                                                  Function 05C77578 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction ID: add6811b5a95cc5f7250d5a49fec14d97baebb5e3118c3e7effca673920ec278
                                                                                                  • Opcode Fuzzy Hash: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction Fuzzy Hash: A7E0EC7490820CDBC754DFA4D585A6DBBF9EB49314F10C5A9980917341DA329E52DF81
                                                                                                  Function 05C78D28 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b83c93848932c5b1590634df397ee2acded16d5dc08e1d9a0142f700cc8589bc
                                                                                                  • Instruction ID: 9f996f6829ec9559c1ee885f656d5f022d286e8f8722b66f03cec27e8bccc1e1
                                                                                                  • Opcode Fuzzy Hash: b83c93848932c5b1590634df397ee2acded16d5dc08e1d9a0142f700cc8589bc
                                                                                                  • Instruction Fuzzy Hash: 29E0C27280130CDBDB40EFF19504B8FB3F8DB45200F0048AA820997100EA324A00AB91
                                                                                                  Function 05C73CC0 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction ID: e262220355a33c870f519567f6fad8e0c79319cf5a59c2582ea7744df3c9be18
                                                                                                  • Opcode Fuzzy Hash: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction Fuzzy Hash: B6E01234A0824CDBC704DF94D585A6DBBB5EB45314F24C5E9D80927345D7329E42DB81
                                                                                                  Function 05C71FE8 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction ID: 48f15a4dcb69cfe7a747ed92c250c4da234f0ec0e062d8da69b4df0d97b35f9f
                                                                                                  • Opcode Fuzzy Hash: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction Fuzzy Hash: 41E0EC38908208DBD714DFA4D585A6DFBB9EB45314F1085A9D80917341DB329E42DB91
                                                                                                  Function 05C77E08 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction ID: b156be4f3002ec56603c0dbb47e0df4fd689256ed21c709fb334417bb5dc1d2e
                                                                                                  • Opcode Fuzzy Hash: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction Fuzzy Hash: 5BE0EC3490820CDFC718DFA4E585AADBBF9EB45314F10D5E9980917341DB329E52DB81
                                                                                                  Function 05C70940 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction ID: e228f0b214ad1e8ef871b5d1be24e0d82fd69d5809f76ba986fc77250c73ba01
                                                                                                  • Opcode Fuzzy Hash: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction Fuzzy Hash: FDE0C23490820CDBCB04DF95D588A6DBBB4EB45300F10C0E8C81823380C7329E02DF80
                                                                                                  Function 05C70108 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction ID: 76439732f0d0d67e7c5fbfb21791054964c17753602e30cd3c2b33a4e3528f5e
                                                                                                  • Opcode Fuzzy Hash: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction Fuzzy Hash: C3E01234A0820CEBCB04DF94E989AADBBB9EB45314F10D5EDD80927341DB329E52DF81
                                                                                                  Function 05C71018 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction ID: 974fd7c0bcd718d8148ffdff0b17c8c48bf98ea337c7b5d4079b3fc9b4d4ea42
                                                                                                  • Opcode Fuzzy Hash: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction Fuzzy Hash: 43E0123490824CDBC704DFA4D585A6DBFB9EB45314F24C5EDD80917351DB329E42DB81
                                                                                                  Function 05C7A303 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 383dd086b5ba7b4c67db441ea44427e8ee2df0b5bf1ed633d1c526a2c09af0f4
                                                                                                  • Instruction ID: 0f342db85cda258fcf4f4a1ee1b7ca31db3a6f62883937029de063645c997d3e
                                                                                                  • Opcode Fuzzy Hash: 383dd086b5ba7b4c67db441ea44427e8ee2df0b5bf1ed633d1c526a2c09af0f4
                                                                                                  • Instruction Fuzzy Hash: 5AF0A5B89052188FDB25DF21D9987EDBBB2FB88315F1081E9D40963295CB344E89CF10
                                                                                                  Function 05C7B332 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b9be2d0e8101cac61447a9d3b8fe93d97e543880ca5b6b9b6938318e06617e62
                                                                                                  • Instruction ID: a5e3a3fddc0448bad4519642ff625d91bb85f8774e9d99408e31b0fd5a368963
                                                                                                  • Opcode Fuzzy Hash: b9be2d0e8101cac61447a9d3b8fe93d97e543880ca5b6b9b6938318e06617e62
                                                                                                  • Instruction Fuzzy Hash: 0DF09278A05128DFDB54DF20D888BEABBB2FB85301F4081E6984963294DB744E85CF01
                                                                                                  Function 05C72A40 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction ID: b74d8849e3f63f9fa8ee3a487b82ed6bfeeb3cbf418f9f998c5e2a83a7fffd29
                                                                                                  • Opcode Fuzzy Hash: 4ccc629fa0ade4605aa63a223d16418d3532b88fdf199331c76a229b4e9a308e
                                                                                                  • Instruction Fuzzy Hash: 54E0123890820CDFCB14DF95D585A6EBBB5EB45314F10D5E9D81917341D7329E42DB81
                                                                                                  Function 05C787E6 Relevance: .0, Instructions: 17COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fe3a6ac56ab9bc7783302bfe2795d3823a1ac6a154b828a8e9bded3f8fbf540a
                                                                                                  • Instruction ID: 4ca41d435c8add1bc2cf717c5921288d335c8fa228bf52c734f6b83706ee2bd4
                                                                                                  • Opcode Fuzzy Hash: fe3a6ac56ab9bc7783302bfe2795d3823a1ac6a154b828a8e9bded3f8fbf540a
                                                                                                  • Instruction Fuzzy Hash: 89E0EC74904208DFC744CF99C584BACBBF1EB48214F2088E99809E3340DB329A42CB00
                                                                                                  Function 05C765B6 Relevance: .0, Instructions: 15COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e8cdc24dd9f9f03837e1bd7bc27f6ccbf42bf33feca4b995aa936648b012ba2c
                                                                                                  • Instruction ID: 073d09300b117a6822cddbe21ea4bae9a041b97ed16ed5ad1f9c501a0f23a596
                                                                                                  • Opcode Fuzzy Hash: e8cdc24dd9f9f03837e1bd7bc27f6ccbf42bf33feca4b995aa936648b012ba2c
                                                                                                  • Instruction Fuzzy Hash: 1DD01770908248DFC794CBA4C194ABCBBF0EB49318F1488DA980953641D6328A82EB00
                                                                                                  Function 05C7851E Relevance: .0, Instructions: 15COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e8cdc24dd9f9f03837e1bd7bc27f6ccbf42bf33feca4b995aa936648b012ba2c
                                                                                                  • Instruction ID: 89a92619b337c060eb89018a2d661f4e8d6f07a06bbbc7c64eb0cd41e3bf8c5b
                                                                                                  • Opcode Fuzzy Hash: e8cdc24dd9f9f03837e1bd7bc27f6ccbf42bf33feca4b995aa936648b012ba2c
                                                                                                  • Instruction Fuzzy Hash: 5CD0177090824CDFD794CB94D198AACBBF0EB49215F1484D9995953641DB328A42DF00
                                                                                                  Function 05C799D3 Relevance: .0, Instructions: 14COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1723093777.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_5c70000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f3b463be2f4cccab58cda481b381cc98fc3bf51ebe29f0915eb540dae95f7764
                                                                                                  • Instruction ID: e02d687d84262b21ce27a16a36750a884f27c8bbf79d2ac71e788cd12872af87
                                                                                                  • Opcode Fuzzy Hash: f3b463be2f4cccab58cda481b381cc98fc3bf51ebe29f0915eb540dae95f7764
                                                                                                  • Instruction Fuzzy Hash: 5BE017356000089FDF02CFC4C844ADEBB73FB8D301F008104E5097B298C7758948CB41
                                                                                                  Function 06D1E320 Relevance: .0, Instructions: 12COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1725263223.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_6d00000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cf11380c3f7652507cab4bb29d824b17e1ab39ac6f002f90182663fd6a657572
                                                                                                  • Instruction ID: 0ed47407bbc012e2036228f593ee5093d1b8c00a044f46f6578f5f52c2e37413
                                                                                                  • Opcode Fuzzy Hash: cf11380c3f7652507cab4bb29d824b17e1ab39ac6f002f90182663fd6a657572
                                                                                                  • Instruction Fuzzy Hash: 36C02B3004F304CBE2541352704CF3673FC8306307F005410E94C010330BF09000CB81
                                                                                                  Function 0309C880 Relevance: .0, Instructions: 11COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000005.00000002.1710750196.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_5_2_3090000_svcost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 88b4e75481397dafe0887ccf4a9967ed25f346557f8555477b5837cabd58809d
                                                                                                  • Instruction ID: c08ac5af6ccffb0dd4cd767143578bf0009ecef6b4f51f087c2682ef2adeb2bf
                                                                                                  • Opcode Fuzzy Hash: 88b4e75481397dafe0887ccf4a9967ed25f346557f8555477b5837cabd58809d
                                                                                                  • Instruction Fuzzy Hash: C5C08C3040A3048FE2E0BBF3B90EB3A7AE8BB0121AF000065F18C010114F726400DB67

                                                                                                  Executed Functions

                                                                                                  Function 00CA6730 Relevance: 5.4, Strings: 4, Instructions: 443COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq$(oq$,q$,q
                                                                                                  • API String ID: 0-620556200
                                                                                                  • Opcode ID: 7aaebb052030c41e38b18b7d0897a6fed2e6ac5116b43753f495cd3c0d8be96a
                                                                                                  • Instruction ID: 191289b5add43ae99b30805890f1342ab2d01538a4e60b1ac660ac6aa3ead5f8
                                                                                                  • Opcode Fuzzy Hash: 7aaebb052030c41e38b18b7d0897a6fed2e6ac5116b43753f495cd3c0d8be96a
                                                                                                  • Instruction Fuzzy Hash: 6E026470A0020ADFCB14CF69D984AAEBBF6FF4A318F198069E455EB2A1D730DD41DB50
                                                                                                  Function 00CAC470 Relevance: 5.2, Strings: 4, Instructions: 242COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq$PHq$PHq
                                                                                                  • API String ID: 0-376399332
                                                                                                  • Opcode ID: 86a6127c53c8b100f3fa248605c892223af0fa244ca872a5267eed2e84809158
                                                                                                  • Instruction ID: e822a07fa3cacf755491beceff6798166cc4cd5bddf61bbac9ff8de47631505b
                                                                                                  • Opcode Fuzzy Hash: 86a6127c53c8b100f3fa248605c892223af0fa244ca872a5267eed2e84809158
                                                                                                  • Instruction Fuzzy Hash: 18B1E674E00219CFDB14DFA9D994BADBBF2BF49314F24806AE419AB361DB309942DF50
                                                                                                  Function 00CA9858 Relevance: 3.4, Strings: 2, Instructions: 864COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq$4'q
                                                                                                  • API String ID: 0-1336004174
                                                                                                  • Opcode ID: 070ea6421813783f596e51167639d9007ad3de1c5837678700866436b2d1dd49
                                                                                                  • Instruction ID: 892f5e54ece66b0eb92d75f269ca2eeb1809d43e940a9e2229b715706188becf
                                                                                                  • Opcode Fuzzy Hash: 070ea6421813783f596e51167639d9007ad3de1c5837678700866436b2d1dd49
                                                                                                  • Instruction Fuzzy Hash: 17728270A0020ADFCF15CF68C984AAEBBF2FF89318F158559E9169B2A1D730ED41DB51
                                                                                                  Function 00CA6108 Relevance: 3.0, Strings: 2, Instructions: 515COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq$Hq
                                                                                                  • API String ID: 0-2917151738
                                                                                                  • Opcode ID: f9ec01e3103284cf8c47f78374f1e73ea7f646dc27f885666974d979b3630bee
                                                                                                  • Instruction ID: 15ac5f23be93f5eec171460ac1997d02a1ca7feb72d4ba68d77cc3130c47ed4c
                                                                                                  • Opcode Fuzzy Hash: f9ec01e3103284cf8c47f78374f1e73ea7f646dc27f885666974d979b3630bee
                                                                                                  • Instruction Fuzzy Hash: 7A12A270A002198FDB14DF69C854BAEBBF6FF89308F248529E416DB3A1DB349D45CB90
                                                                                                  Function 05288B58 Relevance: 2.7, Strings: 2, Instructions: 227COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 4ca020668d016509a6bb473bb28d7af87dc0945a44412fb4bee0ee349bb82b2d
                                                                                                  • Instruction ID: c07214bd386487b6c8e6530f24651fcdc0bef1fbc8589e6b2a3c852ad50b01ba
                                                                                                  • Opcode Fuzzy Hash: 4ca020668d016509a6bb473bb28d7af87dc0945a44412fb4bee0ee349bb82b2d
                                                                                                  • Instruction Fuzzy Hash: 99A13370E15258CFDB58DFB9C8847ADBBB2BF8A300F5484AAD409AB395DB305946CF50
                                                                                                  Function 00CAB4F3 Relevance: 2.7, Strings: 2, Instructions: 193COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: a264beb73408f70f9e869c2ff70602d31a0e573283c5d5a7bf8e712d592158d2
                                                                                                  • Instruction ID: ce43af07a3bf1842d3ffd02b7b5b743bda54d7f97b66aa4927257055cfba41e1
                                                                                                  • Opcode Fuzzy Hash: a264beb73408f70f9e869c2ff70602d31a0e573283c5d5a7bf8e712d592158d2
                                                                                                  • Instruction Fuzzy Hash: 9791B374E00259CFDB18DFAAD984A9DBBF2BF89304F148069E419AB366DB709D41DF10
                                                                                                  Function 00CAC190 Relevance: 2.7, Strings: 2, Instructions: 192COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 7d19e62af2a7f8204fee2213c6e3eb5f336a993511ead2d00248ab5d5e068ac5
                                                                                                  • Instruction ID: d1a3622c97c21b33f28d9ec22cbaead9de5c95836d2ee0a6df2b125cb78ae653
                                                                                                  • Opcode Fuzzy Hash: 7d19e62af2a7f8204fee2213c6e3eb5f336a993511ead2d00248ab5d5e068ac5
                                                                                                  • Instruction Fuzzy Hash: 8581B274E00219DFDB14DFAAD884A9DBBF2BF89304F24C06AE419AB365DB349941DF10
                                                                                                  Function 00CABBD3 Relevance: 2.7, Strings: 2, Instructions: 192COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: 74d40541f593403384f77211d4abc0329eeee5636bc66acc0beb18d5d3a52e8f
                                                                                                  • Instruction ID: 93b7e906fb28c44b6ddf0ebed306656919442cb5142f61bf895e5cacfc231626
                                                                                                  • Opcode Fuzzy Hash: 74d40541f593403384f77211d4abc0329eeee5636bc66acc0beb18d5d3a52e8f
                                                                                                  • Instruction Fuzzy Hash: 4681B374E00219DFDB14DFAAD984A9DBBF2BF89314F248069E419AB366DB309D41DF10
                                                                                                  Function 00CAC753 Relevance: 2.7, Strings: 2, Instructions: 191COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: b4039ae6ce2d7d19ded999331b57773fa78d25d7903a263f5b52e16871e3e658
                                                                                                  • Instruction ID: 01539a13591bbdef966bcc36fac65fd668b040a234e78e0f78ed41b7f4d30100
                                                                                                  • Opcode Fuzzy Hash: b4039ae6ce2d7d19ded999331b57773fa78d25d7903a263f5b52e16871e3e658
                                                                                                  • Instruction Fuzzy Hash: D681C374E00219CFDB14DFAAD984A9DBBF2BF89304F24C06AE419AB365DB349941DF10
                                                                                                  Function 00CA4AD9 Relevance: 2.7, Strings: 2, Instructions: 187COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: a351f56938cf0500deff371283746352926af6012e4b2e667ca8dac18318eaa2
                                                                                                  • Instruction ID: 3e9d72f8cbad81803fda3079113f9bdc99681b6b7e6d3c4ea0ad5ef4c250ab11
                                                                                                  • Opcode Fuzzy Hash: a351f56938cf0500deff371283746352926af6012e4b2e667ca8dac18318eaa2
                                                                                                  • Instruction Fuzzy Hash: C281B274E00219CFDB18DFAAD984B9DBBF2BF89314F248069E419AB365DB709941CF10
                                                                                                  Function 00CACA33 Relevance: 2.7, Strings: 2, Instructions: 184COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHq$PHq
                                                                                                  • API String ID: 0-1274609152
                                                                                                  • Opcode ID: d54214b3b90ac6ee1278d94c8fd590dca377d85e82488b3944c0e98cdabfcbf2
                                                                                                  • Instruction ID: 8eaef182f9d4645ae68233d5c3611c6d02db296d30ef15ff07ad2ba3f73facae
                                                                                                  • Opcode Fuzzy Hash: d54214b3b90ac6ee1278d94c8fd590dca377d85e82488b3944c0e98cdabfcbf2
                                                                                                  • Instruction Fuzzy Hash: 9081A274E00219CFDB14DFAAD984A9DBBF2BF89314F24C069E819AB365DB349941DF10
                                                                                                  Function 05288608 Relevance: .3, Instructions: 296COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dd778a437127428ead6b5501ee018a90d366ac8f1d03c4fbec605657c4e4c0be
                                                                                                  • Instruction ID: c1da63dece83cf639c283bc005f53ee05ec06c9a20f948c291ab9cf4f8b0ab73
                                                                                                  • Opcode Fuzzy Hash: dd778a437127428ead6b5501ee018a90d366ac8f1d03c4fbec605657c4e4c0be
                                                                                                  • Instruction Fuzzy Hash: ACE1B174E01218CFEB24DFA5C994B9DBBB2BF89304F2081A9D409AB395DB355A85CF50
                                                                                                  Function 0528BD38 Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e109eb0b4c30bafee8d247139c1577121ab8b70fe32b80501c4063b003084eec
                                                                                                  • Instruction ID: 9379c961ee7b17ed8af545f4e076dbedfacb14019a814eb705eb86093e38699a
                                                                                                  • Opcode Fuzzy Hash: e109eb0b4c30bafee8d247139c1577121ab8b70fe32b80501c4063b003084eec
                                                                                                  • Instruction Fuzzy Hash: 24A19F74E112288FEB28DF6AD944B9DBBF2BF89300F14C0AAD40DA7255DB745A85CF10
                                                                                                  Function 0528C9D8 Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 94af75768e37e32c70a980909943ea4d75a1cf4e0ffc66a84ee874b3c30558d4
                                                                                                  • Instruction ID: e50c990f95235f57361f6cf0e84734ae97b1b0438bc17d812b063378461b2d40
                                                                                                  • Opcode Fuzzy Hash: 94af75768e37e32c70a980909943ea4d75a1cf4e0ffc66a84ee874b3c30558d4
                                                                                                  • Instruction Fuzzy Hash: EFA19271E112188FEB28DF6AD944B9DBAF2BF89300F14C1AAD40DBB255DB745A85CF10
                                                                                                  Function 0528A408 Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6e197666d3d79a8838aa0ba525b9a32bf03dd917de6d93fb74ec0afc847edb3c
                                                                                                  • Instruction ID: a3dfb2f42b8471d73d3ba1dd77f9bd09a41b2ee2c0cfd22f58924e7293a7165d
                                                                                                  • Opcode Fuzzy Hash: 6e197666d3d79a8838aa0ba525b9a32bf03dd917de6d93fb74ec0afc847edb3c
                                                                                                  • Instruction Fuzzy Hash: D0A1A174E012288FEB28DF6AD944B9DBBF2BF89310F14C1AAD40DA7255DB745A85CF10
                                                                                                  Function 0528C388 Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2abf6c753a017e409a918a5f7c230aeb73f9820359fc393829a3395c70c096c2
                                                                                                  • Instruction ID: a880a225c0d7138c4e93c4fd9430100a432c04bb319e831fb738075da50a0186
                                                                                                  • Opcode Fuzzy Hash: 2abf6c753a017e409a918a5f7c230aeb73f9820359fc393829a3395c70c096c2
                                                                                                  • Instruction Fuzzy Hash: 22A18475E112188FEB28DF6AD944B9DBAF2BF89300F14C0AAD40DB7255D7745A85CF20
                                                                                                  Function 0528D670 Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 46a29a649739fcbe297e6d01393049219a01ba08f26b0a431d150265b5234e30
                                                                                                  • Instruction ID: dde46a9a9610c1908661fb0bf6ab05a2b53c70bad188cdf177d39a4e5eeb06c9
                                                                                                  • Opcode Fuzzy Hash: 46a29a649739fcbe297e6d01393049219a01ba08f26b0a431d150265b5234e30
                                                                                                  • Instruction Fuzzy Hash: 70A1A371E112188FEB28DF6AD944B9DBBF2BF89300F14C0AAD40DA7295D7745A85CF10
                                                                                                  Function 0528B6E8 Relevance: .2, Instructions: 219COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b7dea206e4f20d7cdbe9d7cc5df308e564f655b7ca6307f0891bb2037dd23fe9
                                                                                                  • Instruction ID: 32b11a53c1119ffdd15bfb2909299681369a5bf2dc4e3313d424dc2c6a2011f3
                                                                                                  • Opcode Fuzzy Hash: b7dea206e4f20d7cdbe9d7cc5df308e564f655b7ca6307f0891bb2037dd23fe9
                                                                                                  • Instruction Fuzzy Hash: E5A19175E012288FEB28DF6AD944B9DBBF2BF89300F14C0AAD40DA7255DB745A85CF10
                                                                                                  Function 0528D028 Relevance: .2, Instructions: 218COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 74c55ee8812b71ba164f2d871d878995b351f1b60660e8bfac844fae4d1c970e
                                                                                                  • Instruction ID: 08e88dcf2ab905ff89dcae467193995c1c051cc6dc6d63fb2c2f5212fdb58031
                                                                                                  • Opcode Fuzzy Hash: 74c55ee8812b71ba164f2d871d878995b351f1b60660e8bfac844fae4d1c970e
                                                                                                  • Instruction Fuzzy Hash: 96A19270E012188FEB68DF6AD944B9DBBF2BF89300F14C0AAD40DA7295DB745A85CF10
                                                                                                  Function 0528B0A0 Relevance: .2, Instructions: 218COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 69e0b0af975e115beda219c3f1a6e287eb5feb78ac7e19f3989771f8149cd79a
                                                                                                  • Instruction ID: 5ae6a6c6fd76d878060fcdc39d3c4e2556e454b01d2ce1da193a2362dcc19ab4
                                                                                                  • Opcode Fuzzy Hash: 69e0b0af975e115beda219c3f1a6e287eb5feb78ac7e19f3989771f8149cd79a
                                                                                                  • Instruction Fuzzy Hash: 12A19F75E012288FEB28DF6AD944B9DBBF2BF89300F14C1AAD40DA7255DB745A85CF10
                                                                                                  Function 0528AA58 Relevance: .2, Instructions: 218COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2ef74e82957da59dc2b12b669c5637e5056ee5a2c800b49abc5d203d4751909c
                                                                                                  • Instruction ID: 4d58185d6262ef58e99936717d2a6a2702a40f9d274a988ec831766f82de11e2
                                                                                                  • Opcode Fuzzy Hash: 2ef74e82957da59dc2b12b669c5637e5056ee5a2c800b49abc5d203d4751909c
                                                                                                  • Instruction Fuzzy Hash: ACA1A071E012288FEB28DF6AD944B9DBBF2BF89310F14C0AAD40DA7255DB745A85CF10
                                                                                                  Function 00CAF007 Relevance: .2, Instructions: 200COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5b707fa94ff417c61ba473497112c2346c903fe7279a2da4743cd598b8c4c40d
                                                                                                  • Instruction ID: e79bef2f015d12a208a5eaac0ec0a36ae44757567a8e83c1c0f646d9d23f105d
                                                                                                  • Opcode Fuzzy Hash: 5b707fa94ff417c61ba473497112c2346c903fe7279a2da4743cd598b8c4c40d
                                                                                                  • Instruction Fuzzy Hash: 7B81D374E01219CFDB24DFAAD9847DDBBF2AB8A305F1490AAD408A7355D7349E82CF50
                                                                                                  Function 0528B08F Relevance: .2, Instructions: 166COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 765951763ee1dcc13251c0e36e3ebe9ec7bd65dc28182d874d0beb2c8833bb93
                                                                                                  • Instruction ID: 83d7643d648de72129420fa086350c73db0895aed9d4481ae71815442efce75d
                                                                                                  • Opcode Fuzzy Hash: 765951763ee1dcc13251c0e36e3ebe9ec7bd65dc28182d874d0beb2c8833bb93
                                                                                                  • Instruction Fuzzy Hash: F971A5B1E016188FEB68DF6AD944B9DFAF2BF89300F14C0AAD40DA7255DB345A85CF10
                                                                                                  Function 0528D018 Relevance: .2, Instructions: 165COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ea4180364067185e868c916d451b018f72d85901f48de67ba76ca999d6e36a0e
                                                                                                  • Instruction ID: e6462610f04ba309bcb9347b52ab17ec521683c1c31458910e2984e5e75bcccc
                                                                                                  • Opcode Fuzzy Hash: ea4180364067185e868c916d451b018f72d85901f48de67ba76ca999d6e36a0e
                                                                                                  • Instruction Fuzzy Hash: 8271A470E016288FEB68DF6AC944B9DBAF2BF89300F14C0AAD40DA7255DB345A85CF10
                                                                                                  Function 0528AA48 Relevance: .2, Instructions: 164COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 64e828643a535306e84877e90caae82be17968245ef3f3cf5eac525a4bc80d84
                                                                                                  • Instruction ID: 5e8d44a362ce3d7507e71caf463ebd3cc7c689980a8f718d1676cded239aa0a1
                                                                                                  • Opcode Fuzzy Hash: 64e828643a535306e84877e90caae82be17968245ef3f3cf5eac525a4bc80d84
                                                                                                  • Instruction Fuzzy Hash: 22719571E016288FEB68DF6AC944B9DFAF2BF89304F14C0AAD40DA7255DB345A85CF50
                                                                                                  Function 052885FC Relevance: .1, Instructions: 115COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5899e682044f5ae4166a8db24acdf18dad9bca6b22dee3b2a3f3ab0eb2d94416
                                                                                                  • Instruction ID: 370e5073ae5b7c70ede9a8804fa9f2ade90dbef55575a3e290a074f73e91eede
                                                                                                  • Opcode Fuzzy Hash: 5899e682044f5ae4166a8db24acdf18dad9bca6b22dee3b2a3f3ab0eb2d94416
                                                                                                  • Instruction Fuzzy Hash: DB41D5B0D012088BEB18DFAAC9547EEBBF2BF88304F14C169C419BB294DB755946CF54
                                                                                                  Function 0528BD28 Relevance: .1, Instructions: 108COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 31c292792d357acd9f093fc5e0c8f81dccbb6b213b55c588721301b349ad9af7
                                                                                                  • Instruction ID: 91152eb84aa2407ce160d36c04cdec3efe9c20d706ba7e6daddf413fc1112002
                                                                                                  • Opcode Fuzzy Hash: 31c292792d357acd9f093fc5e0c8f81dccbb6b213b55c588721301b349ad9af7
                                                                                                  • Instruction Fuzzy Hash: C34169B1D016188BEB58CF6BC9457CAFAF3AFC9304F14C1AAC50CA6264DB744A868F51
                                                                                                  Function 0528C9C8 Relevance: .1, Instructions: 108COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bb5086b3deefb163fb5c89e8823fb84c1f1ceb7af5bf523ee385f1acdd83b514
                                                                                                  • Instruction ID: 42a062d5efe34153ff08d417dabcab0681b6f72ae38b9a6bd05a69c88c6f15a6
                                                                                                  • Opcode Fuzzy Hash: bb5086b3deefb163fb5c89e8823fb84c1f1ceb7af5bf523ee385f1acdd83b514
                                                                                                  • Instruction Fuzzy Hash: 0F4179B1E016188BEB58CF6BCD457C9FAF3AFC9300F14C1AAC50CA6265DB740A858F51
                                                                                                  Function 0528C378 Relevance: .1, Instructions: 108COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 37e00e64330e7e48fdabae5f4381015dd10b2974f6fb6d93acc67733aee79aed
                                                                                                  • Instruction ID: 86a953121797db94300a4bd74f03ec9d5266771539eb53db9e031894536dd999
                                                                                                  • Opcode Fuzzy Hash: 37e00e64330e7e48fdabae5f4381015dd10b2974f6fb6d93acc67733aee79aed
                                                                                                  • Instruction Fuzzy Hash: 33416AB1D016288BEB58CF6BCD457DAFAF3AFC9300F04C1AAD50CA6254DB744A868F51
                                                                                                  Function 0528A3F8 Relevance: .1, Instructions: 107COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d3729ebe9ca18ffd1142ac3e407153ac1a724fd6c446bf68e5fbe4e673d592ac
                                                                                                  • Instruction ID: 64642234a44fda60ebf0c8ac079f26f03ac61ced1dd28fb3ce71709193dce00a
                                                                                                  • Opcode Fuzzy Hash: d3729ebe9ca18ffd1142ac3e407153ac1a724fd6c446bf68e5fbe4e673d592ac
                                                                                                  • Instruction Fuzzy Hash: F14167B1D016188BEB58CF6BC94579AFAF3BFC8310F14C1AAC50CA6265EB744A858F51
                                                                                                  Function 0528D663 Relevance: .1, Instructions: 107COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e292c9861fec75ca556dd41a89d823ebf92594408918e5a990b935c226d7317f
                                                                                                  • Instruction ID: 1a229ad9792e06ee8a0268fb2add015ec9c501a026190ed4af6f68536b984547
                                                                                                  • Opcode Fuzzy Hash: e292c9861fec75ca556dd41a89d823ebf92594408918e5a990b935c226d7317f
                                                                                                  • Instruction Fuzzy Hash: 924177B1D016288BEB58CF6BC9457CAFAF3BFC8310F04C0AAC50CA6264DB740A858F50
                                                                                                  Function 0528B6D9 Relevance: .1, Instructions: 107COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6aeeaf60d3f64edc40f5043256541c3d09801218aeaaa12df25dc138ff6e431c
                                                                                                  • Instruction ID: 245171d8c2bc209db4da44c16dd396cd6aad990c6ea337700d78a45993af60a8
                                                                                                  • Opcode Fuzzy Hash: 6aeeaf60d3f64edc40f5043256541c3d09801218aeaaa12df25dc138ff6e431c
                                                                                                  • Instruction Fuzzy Hash: 944169B1D016188BEB58CF6BC9457D9FAF3BFC8304F14C1AAC50CA6264DB744A868F51
                                                                                                  Function 00CA87E9 Relevance: 4.3, Strings: 3, Instructions: 505COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'q$4'q$;q
                                                                                                  • API String ID: 0-144927120
                                                                                                  • Opcode ID: e1b658d3af213b38d0bf513eb29d3cb29d52689d74c1540e59d2969ba15b1670
                                                                                                  • Instruction ID: 7f4fa4b61592c626103993e311d067656f29b4a8152e7b9c53803da666da831b
                                                                                                  • Opcode Fuzzy Hash: e1b658d3af213b38d0bf513eb29d3cb29d52689d74c1540e59d2969ba15b1670
                                                                                                  • Instruction Fuzzy Hash: 0BF1A2707142038FDB199B3ADC58B397696AF97708F1840AAE512CF3A1EE28CD49D761
                                                                                                  Function 00CA77F0 Relevance: 3.2, Strings: 2, Instructions: 702COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $q$$q
                                                                                                  • API String ID: 0-3126353813
                                                                                                  • Opcode ID: 20e740bece936529e7e24982ad0980c7a93476de7291734d094f13b639a39462
                                                                                                  • Instruction ID: 26d949b5205456f9753fefbf4c9a9e25892cdf50fc837785a397f6597e9d10d0
                                                                                                  • Opcode Fuzzy Hash: 20e740bece936529e7e24982ad0980c7a93476de7291734d094f13b639a39462
                                                                                                  • Instruction Fuzzy Hash: 88522674A00259CFEB249BA4C864BEEBB72EF84300F1081ADD10A6B3A5DF355E45DF65
                                                                                                  Function 00CA56A8 Relevance: 2.8, Strings: 2, Instructions: 326COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Hq$Hq
                                                                                                  • API String ID: 0-925789375
                                                                                                  • Opcode ID: 1618a5b8b96ca08f00641e51d5daac2ce1b709203e75d536b373a3f1dc301ce3
                                                                                                  • Instruction ID: 59ae3e744c8ad8b71808ae995e568ef048030bf6243af9b729ee50243e96b000
                                                                                                  • Opcode Fuzzy Hash: 1618a5b8b96ca08f00641e51d5daac2ce1b709203e75d536b373a3f1dc301ce3
                                                                                                  • Instruction Fuzzy Hash: 3AB1DD707046068FDB159F79D898B3E7BA2ABCA318F14C529E816CB3A1DB38CD01D791
                                                                                                  Function 00CA5C08 Relevance: 2.7, Strings: 2, Instructions: 232COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ,q$,q
                                                                                                  • API String ID: 0-1667412543
                                                                                                  • Opcode ID: e2582d902103de7303763b845d904f0015c0718456cc489be4ff3fc4e017a2ed
                                                                                                  • Instruction ID: 1168bff09557e188dcc3c1a6742bfc263a31af55e76f7e0394772608118a0faf
                                                                                                  • Opcode Fuzzy Hash: e2582d902103de7303763b845d904f0015c0718456cc489be4ff3fc4e017a2ed
                                                                                                  • Instruction Fuzzy Hash: CF81A035B00A06DFCB14CF69C888AAEB7B2BF8A318B24C169D416DB365D735ED41CB50
                                                                                                  Function 05289510 Relevance: 2.7, Strings: 2, Instructions: 212COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (&q$(q
                                                                                                  • API String ID: 0-2464455664
                                                                                                  • Opcode ID: 31e15960775cc734efb1587bb06ca10f94a592820196630f42aa5e8aab221e8f
                                                                                                  • Instruction ID: 31e534b8854145a66c4493040df86839c27eceaea38ff6f817490a129fb97518
                                                                                                  • Opcode Fuzzy Hash: 31e15960775cc734efb1587bb06ca10f94a592820196630f42aa5e8aab221e8f
                                                                                                  • Instruction Fuzzy Hash: 4E71B231F112198BEB15EFA8D8507AEBBB6AFC9700F148429E406BB380DF349D46C791
                                                                                                  Function 00CA95D4 Relevance: 2.7, Strings: 2, Instructions: 188COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'q$T
                                                                                                  • API String ID: 0-1023365893
                                                                                                  • Opcode ID: 439d9bcc69fbc3445f7b85165f40966c19ba7b14c30f8668db6d5c66d15253e9
                                                                                                  • Instruction ID: 97a78e77c2f49ebac0bb8967ceefaaef1f1ae70f2c634156690509a08ce6ff36
                                                                                                  • Opcode Fuzzy Hash: 439d9bcc69fbc3445f7b85165f40966c19ba7b14c30f8668db6d5c66d15253e9
                                                                                                  • Instruction Fuzzy Hash: 6A512970B142478FDB45DB79C8567BEBBB5DF86308F2884A6E412CF292DA34CD428761
                                                                                                  Function 00CA9390 Relevance: 2.7, Strings: 2, Instructions: 151COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'q$4'q
                                                                                                  • API String ID: 0-1467158625
                                                                                                  • Opcode ID: e23bc3d463cec362be3cddd309f835683fad10e9c4774dfdcce2a1feb58a547b
                                                                                                  • Instruction ID: 5add47b3af5363ce2468c884f649200c835298c5ac03a7bba07082858fa8ca57
                                                                                                  • Opcode Fuzzy Hash: e23bc3d463cec362be3cddd309f835683fad10e9c4774dfdcce2a1feb58a547b
                                                                                                  • Instruction Fuzzy Hash: BF51D1307002169FDB00DFA9C885BAEBBE6EF8D354F148465E918CB2A1DB71CD068761
                                                                                                  Function 00CA3418 Relevance: 2.6, Strings: 2, Instructions: 120COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Xq$Xq
                                                                                                  • API String ID: 0-1556399337
                                                                                                  • Opcode ID: ce079f8fc644fb8ce86cec5b6ccbba8c390696f74aabf5fa30dd058fa3a19758
                                                                                                  • Instruction ID: aeaaa97f000605667eb4ef5c0777eead42cdeb513d47549192f2a347a1b0788d
                                                                                                  • Opcode Fuzzy Hash: ce079f8fc644fb8ce86cec5b6ccbba8c390696f74aabf5fa30dd058fa3a19758
                                                                                                  • Instruction Fuzzy Hash: 5F313931F043964BDF29466A58B537E6AA6ABCA314F18403AF817C7391DB74CF068761
                                                                                                  Function 00CA0C8F Relevance: 1.7, Strings: 1, Instructions: 405COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LRq
                                                                                                  • API String ID: 0-3187445251
                                                                                                  • Opcode ID: 63dc06e8029e3b13d092297c011254c2257470b81c96d98eff7843de6194904d
                                                                                                  • Instruction ID: e335eb1da64ca2bed9b67ba5291414315286db3fb9c37e2f194f76b98b58ea0a
                                                                                                  • Opcode Fuzzy Hash: 63dc06e8029e3b13d092297c011254c2257470b81c96d98eff7843de6194904d
                                                                                                  • Instruction Fuzzy Hash: A322E778A0021ACFDB54EF64E894B8DBBB1BF89701F20C5A9D809A7365DB345D85CF50
                                                                                                  Function 00CA0CA0 Relevance: 1.6, Strings: 1, Instructions: 395COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LRq
                                                                                                  • API String ID: 0-3187445251
                                                                                                  • Opcode ID: b79225692d1d93714d99e20a9c90201bceefef944ce4a5fe2fec794be70aef8e
                                                                                                  • Instruction ID: 1f3db2c2646024aa11b3772ee24f74eef845130aab77128514df9cac5c4b1548
                                                                                                  • Opcode Fuzzy Hash: b79225692d1d93714d99e20a9c90201bceefef944ce4a5fe2fec794be70aef8e
                                                                                                  • Instruction Fuzzy Hash: 8622E778A0021ACFDB54EF64E894B9DBBB1BF89701F20C5A9D809A7365DB346D85CF40
                                                                                                  Function 00CA964C Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'q
                                                                                                  • API String ID: 0-1807707664
                                                                                                  • Opcode ID: 56894c8872fc7a0c458151abe5a59bf51b7042f29d4d137b9c51dc59e50e4312
                                                                                                  • Instruction ID: 19285631f02d91c19acd7f2758f5de226b3330451faee891d147a090eec71f4f
                                                                                                  • Opcode Fuzzy Hash: 56894c8872fc7a0c458151abe5a59bf51b7042f29d4d137b9c51dc59e50e4312
                                                                                                  • Instruction Fuzzy Hash: 0441E874B042078FDF55DB69C882BBEB7B9EF8A308F248465F512DB251DA34CD418BA0
                                                                                                  Function 00CAA650 Relevance: 1.4, Strings: 1, Instructions: 127COMMON
                                                                                                  Download Yara Rule
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (oq
                                                                                                  • API String ID: 0-1999159160
                                                                                                  • Opcode ID: b3c03bf2952d248d7883716b353d1f0341224befd7fec1701d13926e11ce572d
                                                                                                  • Instruction ID: b704aaef066562319791791b0258418e6c223c5597a4d04790d52484c6ba0e89
                                                                                                  • Opcode Fuzzy Hash: b3c03bf2952d248d7883716b353d1f0341224befd7fec1701d13926e11ce572d
                                                                                                  • Instruction Fuzzy Hash: 5B41E135B042058FDB149B75D859BAE7BB6ABCD310F28816DE516D73A1CF308D02CBA1
                                                                                                  Function 00CAA818 Relevance: .4, Instructions: 414COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b6829d4dd8299fdb4d23518f94ba5906695c502803ed7115a986ad65f411e934
                                                                                                  • Instruction ID: a6039a5d986be5eec460e1438c47c33e94498c63a94b38daa2f451dc464a5c65
                                                                                                  • Opcode Fuzzy Hash: b6829d4dd8299fdb4d23518f94ba5906695c502803ed7115a986ad65f411e934
                                                                                                  • Instruction Fuzzy Hash: 63F13F75A002158FCB04CF6DD988A9DBBF2FF89314B1A8059E515AB371C735ED42CB61
                                                                                                  Function 00CA9170 Relevance: .2, Instructions: 244COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a8eb32f1e1030974a500e672f5ae07edceff684c7ef83d8d87607e5ee86ff5cd
                                                                                                  • Instruction ID: bbc6a6db56355d28245df8bf6b30a0478cf436b7e47ca98c32b40eb5fb57c9ec
                                                                                                  • Opcode Fuzzy Hash: a8eb32f1e1030974a500e672f5ae07edceff684c7ef83d8d87607e5ee86ff5cd
                                                                                                  • Instruction Fuzzy Hash: 2C912B309056469FC715CF68C885AAEBBF1FF87328B148356D8659B3A1C331ED16CB60
                                                                                                  Function 00CA7438 Relevance: .2, Instructions: 201COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 66f5def50d323c8795b3029b4dfffe3021434b5d2e08e25664c2526cfc89d792
                                                                                                  • Instruction ID: 0fd8acb473cd13e5432a5b4732529e1334aefd561e7f8bfbfc9d0ced6669b72b
                                                                                                  • Opcode Fuzzy Hash: 66f5def50d323c8795b3029b4dfffe3021434b5d2e08e25664c2526cfc89d792
                                                                                                  • Instruction Fuzzy Hash: 9571E6347046068FCB15DF29C898AAD7BE5BF9A308B1941A9E812CB3B1DB70DD41CB90
                                                                                                  Function 00CACEC7 Relevance: .2, Instructions: 172COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 39f92ecb632cf47a81fd5cce6f07baa74306e1ca9174dbc795139015e7a3714a
                                                                                                  • Instruction ID: 9a09f6b58dd60e7dccfb7cedb66f11c2a786109af8ddfeedfdb8dc51eff971c3
                                                                                                  • Opcode Fuzzy Hash: 39f92ecb632cf47a81fd5cce6f07baa74306e1ca9174dbc795139015e7a3714a
                                                                                                  • Instruction Fuzzy Hash: 27519E70061782DFD2046B24E9ACB6EBBB4FB8F327709AD64F10F85475DB345486CA26
                                                                                                  Function 00CACED8 Relevance: .2, Instructions: 167COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9a001813139b5bd5ae7322ed902ff431da115f0e4790ea88cfa413af63aa0ad0
                                                                                                  • Instruction ID: b646de798860767a9b894e881f72c8810b7d1a4bada20bc019ef684751cb12ba
                                                                                                  • Opcode Fuzzy Hash: 9a001813139b5bd5ae7322ed902ff431da115f0e4790ea88cfa413af63aa0ad0
                                                                                                  • Instruction Fuzzy Hash: 0D519D70061686CF92046B24E9ACB6EBAB4FB8F327709AD64F10F85475DB345486CA16
                                                                                                  Function 00CAE2D9 Relevance: .2, Instructions: 156COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d6b72045b2a56fd0a1cc764d173384c028d7e00fbee005cd3db765a41723871c
                                                                                                  • Instruction ID: a8704fd9a438867771fbbef8d241da4a490c67c5c4b9199565e9020a3e16b086
                                                                                                  • Opcode Fuzzy Hash: d6b72045b2a56fd0a1cc764d173384c028d7e00fbee005cd3db765a41723871c
                                                                                                  • Instruction Fuzzy Hash: 0B61C274D01319CFDB24DFA5D854BADBBB2BF89304F208529E805AB298DB355A46CF50
                                                                                                  Function 00CACD10 Relevance: .1, Instructions: 139COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 67641b136748e5bf02197aa8356e84c6a80112e8b8db4b50a31266162571a344
                                                                                                  • Instruction ID: d71982857e9e842daf1e11c3f35deb122f302c9b56f579659f6c6d76d86909e1
                                                                                                  • Opcode Fuzzy Hash: 67641b136748e5bf02197aa8356e84c6a80112e8b8db4b50a31266162571a344
                                                                                                  • Instruction Fuzzy Hash: E7518674E01208DFDB54DFA9D584A9DBBF2FF89300F248169E819AB365DB30A941CF50
                                                                                                  Function 0528DCC0 Relevance: .1, Instructions: 136COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b56d7afc01cddef795382cd0cd58238cf979a59f666a1aeae7191a307acf2b7a
                                                                                                  • Instruction ID: efb85f25fb8677f0d15b0f2c8c74a200053a1a5e8f843f0a8093b15e59a7dfc9
                                                                                                  • Opcode Fuzzy Hash: b56d7afc01cddef795382cd0cd58238cf979a59f666a1aeae7191a307acf2b7a
                                                                                                  • Instruction Fuzzy Hash: 7C416A35912319CFD704AFB5D45C7EEBBB1FB8A326F108865D202662D8CB780A49CF91
                                                                                                  Function 00CA3908 Relevance: .1, Instructions: 134COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1f2c3799397a80d0937dfb6d27773a1dec41409d548cc0075e57145a75420ad9
                                                                                                  • Instruction ID: 1642348952b705c03bfce7d06dc93fdeaf001a34afb1c6d85dcda4cdd6a47060
                                                                                                  • Opcode Fuzzy Hash: 1f2c3799397a80d0937dfb6d27773a1dec41409d548cc0075e57145a75420ad9
                                                                                                  • Instruction Fuzzy Hash: 16519074E01248DFCB08DFA9D99499DBBF2FF8D301B208469E815AB365DB35A945CF40
                                                                                                  Function 00CA9A63 Relevance: .1, Instructions: 127COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 533ca8afcbff6b6fa7b55bb92063a7f058acf024262d073ca3b229f41bf48747
                                                                                                  • Instruction ID: d21248ad0dc2389378fcc40b0241777a767a3245ead97f255b1b66d829f0ba41
                                                                                                  • Opcode Fuzzy Hash: 533ca8afcbff6b6fa7b55bb92063a7f058acf024262d073ca3b229f41bf48747
                                                                                                  • Instruction Fuzzy Hash: FC51A031A0424ADFCF11CFA5E845B9DBFB2EF8A318F148156E8119B2A1D330DD15DBA1
                                                                                                  Function 05289500 Relevance: .1, Instructions: 119COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a066ba5f5c51ed94611282d4e095d83d1a1f65e2a77cd93ae852388add2648ca
                                                                                                  • Instruction ID: a9c6fb38e63020568f254fe8fcf34491d29dcb7da20e719bb510dafd170abfb2
                                                                                                  • Opcode Fuzzy Hash: a066ba5f5c51ed94611282d4e095d83d1a1f65e2a77cd93ae852388add2648ca
                                                                                                  • Instruction Fuzzy Hash: B4414231E113199BDB14DFE9C890BEEBBF5BF88710F148129E415B7284EB70A985CB90
                                                                                                  Function 05289A49 Relevance: .1, Instructions: 115COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e86ac99d504e8dfd1399d462d5acd31133f59f4653f32ab363a5941abb319517
                                                                                                  • Instruction ID: 33a424f30723b64472467bb7a5d5a888884582e27a24a4b0da9144b3e4103500
                                                                                                  • Opcode Fuzzy Hash: e86ac99d504e8dfd1399d462d5acd31133f59f4653f32ab363a5941abb319517
                                                                                                  • Instruction Fuzzy Hash: 8D41D1B4E112088FCB04DFA9D594BEDBBF1BF49314F248029D819AB298D7789946CF50
                                                                                                  Function 00CAE134 Relevance: .1, Instructions: 113COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e00d0eb1a8ce6500edf32484560b16c3e603b558b822382045208fb10357b07d
                                                                                                  • Instruction ID: d0e92257f566c91d51692d36f7ea30dec73f14f646dd2c11de6d9c29fb2e642a
                                                                                                  • Opcode Fuzzy Hash: e00d0eb1a8ce6500edf32484560b16c3e603b558b822382045208fb10357b07d
                                                                                                  • Instruction Fuzzy Hash: D6416C74D0521ACFDB04DFA9D4947EDB7B1FF4A308F208019D416AB252C7759842EFA4
                                                                                                  Function 00CAD7CE Relevance: .1, Instructions: 113COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 12acf0d04ab9ddbec58a74d38330a4a4b613f7677236ad011d5a771d6fc1db68
                                                                                                  • Instruction ID: b4c13e71b837a3826f3ae6b139974f7a74a542a982c7e426375b187a034c2ac0
                                                                                                  • Opcode Fuzzy Hash: 12acf0d04ab9ddbec58a74d38330a4a4b613f7677236ad011d5a771d6fc1db68
                                                                                                  • Instruction Fuzzy Hash: 74412974D0420ACFDB04DFA9E488BEDB7B1FB4A309F609119E41BAB659D7349842CF54
                                                                                                  Function 05289A58 Relevance: .1, Instructions: 111COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2aaac25b15a6d64c88b0c8adbcb78a1d1a519ba18ca8e7190c9e371db596d6d2
                                                                                                  • Instruction ID: 5b59130af31d39b9115d756a0ff4324a1eee7945c6676b431a0a18975ff29803
                                                                                                  • Opcode Fuzzy Hash: 2aaac25b15a6d64c88b0c8adbcb78a1d1a519ba18ca8e7190c9e371db596d6d2
                                                                                                  • Instruction Fuzzy Hash: 7041C374E01208CFDB04DFA9D5947EDBBF2BF49314F248029D419AB298DB789946CF50
                                                                                                  Function 00CAE0D4 Relevance: .1, Instructions: 107COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f63973608be348c85761d76644fbce05687ce7baaa53e515958aaa60688d8383
                                                                                                  • Instruction ID: d722f6c7bad4754a134b83242b4ebb8cc73e2c0191785ad858049ed221439089
                                                                                                  • Opcode Fuzzy Hash: f63973608be348c85761d76644fbce05687ce7baaa53e515958aaa60688d8383
                                                                                                  • Instruction Fuzzy Hash: 37412770D0121ACFDB04DFA9D5946EDB7B2FF4A308F209119D415BB252C7B59842EFA4
                                                                                                  Function 00CAD76E Relevance: .1, Instructions: 107COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 737e6391d38a99a3e7747b14a1665ee4ee04b033808c0c0c1ab0ed6d05a1bb0c
                                                                                                  • Instruction ID: a56959d24b4967fe55a823f7ffee9460d574b832af9f75e8559e58cb874496e9
                                                                                                  • Opcode Fuzzy Hash: 737e6391d38a99a3e7747b14a1665ee4ee04b033808c0c0c1ab0ed6d05a1bb0c
                                                                                                  • Instruction Fuzzy Hash: 06411774D0120ACFDB04DFA9E488BEDB7B1FB4A309F209119E417AB695D7389982CF54
                                                                                                  Function 00CAD620 Relevance: .1, Instructions: 103COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1b211ca0d8e17852fe3dd3eb0f5911ab6e923aeb556ab00d5e1621af30d4bfaa
                                                                                                  • Instruction ID: e637d722d3f493f07cd11aa375ab046d3b2574d92cc20be526104793e6976acc
                                                                                                  • Opcode Fuzzy Hash: 1b211ca0d8e17852fe3dd3eb0f5911ab6e923aeb556ab00d5e1621af30d4bfaa
                                                                                                  • Instruction Fuzzy Hash: 69411470D012098FDB08DFAAD448BDEBBB2BB8A305F24D129D416AB659DB749841CF64
                                                                                                  Function 00CA4DC8 Relevance: .1, Instructions: 101COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 079a8022d75f0e4c4a168d5490b41acd5797ad78ec4069ed22247469dd9202c2
                                                                                                  • Instruction ID: dd4bec0b42adb77c04d1ffe1b98270eb9e012ae04a1acc90a174e1e90bf04bc2
                                                                                                  • Opcode Fuzzy Hash: 079a8022d75f0e4c4a168d5490b41acd5797ad78ec4069ed22247469dd9202c2
                                                                                                  • Instruction Fuzzy Hash: 9F31B07130414A9FCF099FA4D854FAF7BA6FB88309F108028F9168B291CB75CD61DBA1
                                                                                                  Function 0528DCB1 Relevance: .1, Instructions: 92COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8cfd92f3bc66b244baac9f9c3a496988076cb20ea2adf0be9bafd49f900355af
                                                                                                  • Instruction ID: 308adda8fc67526809c488ddb484afa023f5c1f96d2afb3c8f0922df544f3661
                                                                                                  • Opcode Fuzzy Hash: 8cfd92f3bc66b244baac9f9c3a496988076cb20ea2adf0be9bafd49f900355af
                                                                                                  • Instruction Fuzzy Hash: 17318D31916309DFD700AFB5D8587EEBBB1FB8A326F008495D1056B2D4CB780649CF51
                                                                                                  Function 00CA76D0 Relevance: .1, Instructions: 90COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2f537917459fdb68d03c2664e62159aef168883d1d3bdd4ad29d146ac53dd252
                                                                                                  • Instruction ID: 2b77c1dbff08b9c8bff787b51ee97b87dc27a09ca5d9654f3ce3b07d42fc480e
                                                                                                  • Opcode Fuzzy Hash: 2f537917459fdb68d03c2664e62159aef168883d1d3bdd4ad29d146ac53dd252
                                                                                                  • Instruction Fuzzy Hash: 6B21F7343083024BDB26173A8D94B7D6797BFDA718B1841B9D512CBB95EE24CC019791
                                                                                                  Function 00CAA809 Relevance: .1, Instructions: 90COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 92f30a554209937e29d9dc5e13f04608c581bf9c018a16fdd02e5796482089ba
                                                                                                  • Instruction ID: d6057b436471c4aec0398bd40c258c1f047ea221f0ab70c0968c153dd738975c
                                                                                                  • Opcode Fuzzy Hash: 92f30a554209937e29d9dc5e13f04608c581bf9c018a16fdd02e5796482089ba
                                                                                                  • Instruction Fuzzy Hash: A2317571E0060A8FCB04CF6DC8849AFBBB2BF89354B158159E515DB3B5CB359D42CB91
                                                                                                  Function 00CA76E0 Relevance: .1, Instructions: 87COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 57c87303bf5d2ac0489d3a1c6f9b23809e23784d9c2fa1d6a625720be7e568b0
                                                                                                  • Instruction ID: 16a2940d375e057cf492c2903759e15e0287e4d030f601358a20d268fe0450bc
                                                                                                  • Opcode Fuzzy Hash: 57c87303bf5d2ac0489d3a1c6f9b23809e23784d9c2fa1d6a625720be7e568b0
                                                                                                  • Instruction Fuzzy Hash: 4B21D3343082064BEB26172ACD54B7E768BBFC671CF248178D512CBB95EE25CC41A780
                                                                                                  Function 00CA2060 Relevance: .1, Instructions: 77COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1b18d48f2a773e0b283a2e4c4ea51f816dbe52ef0039a311d2874ec344626206
                                                                                                  • Instruction ID: 15068822e3423c2ffc11997423f24ef8a2f9a29c2b363abd19db8946b5c1c164
                                                                                                  • Opcode Fuzzy Hash: 1b18d48f2a773e0b283a2e4c4ea51f816dbe52ef0039a311d2874ec344626206
                                                                                                  • Instruction Fuzzy Hash: E721B231A002259FCB14DF2CC850AAE3BB5EB9D354B60C519D9198B384DB35EF42CBD1
                                                                                                  Function 00CA5A63 Relevance: .1, Instructions: 77COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 166b51ae9841beb46e1421e936b6249fbab49f45fc1cc005f26a28dc026bb24f
                                                                                                  • Instruction ID: 159a246e4370ab2ed0e561e32ea7770d10f8e8fbd7c3bb68526a89818fe646db
                                                                                                  • Opcode Fuzzy Hash: 166b51ae9841beb46e1421e936b6249fbab49f45fc1cc005f26a28dc026bb24f
                                                                                                  • Instruction Fuzzy Hash: 1D210A35304A168FC7199B25D898B3E7BA2FF8A35571581B9E816CB365CE34DC02C7C0
                                                                                                  Function 00C0D404 Relevance: .1, Instructions: 75COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818145103.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_c0d000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fe7647f3abf3defef92f13ed597d6212c737329701e058719cd955015482cb65
                                                                                                  • Instruction ID: 081480c3659b9962709a190d7db67e68fcd8a6f13c63db088525cb5db1020206
                                                                                                  • Opcode Fuzzy Hash: fe7647f3abf3defef92f13ed597d6212c737329701e058719cd955015482cb65
                                                                                                  • Instruction Fuzzy Hash: 2C212572504240EFDF14DFD0D9C0B16BBA5FB94324F20C569E90A0F296C336E856CBA2
                                                                                                  Function 00C1D005 Relevance: .1, Instructions: 74COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818236495.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_c1d000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6a91bd9df806739ecda2908bfe7edef0a0ac4209103d81527e545328508e94d7
                                                                                                  • Instruction ID: 668c1a67047fc7d7cbad95fdb402749d4ef3712af11340f54c97057488ed6fed
                                                                                                  • Opcode Fuzzy Hash: 6a91bd9df806739ecda2908bfe7edef0a0ac4209103d81527e545328508e94d7
                                                                                                  • Instruction Fuzzy Hash: B5313C7550E3C09FCB03CB34C994745BF71AF47214F2985DBD8898F2A3C22A984ACB62
                                                                                                  Function 00C1D044 Relevance: .1, Instructions: 72COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818236495.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_c1d000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6f3686201ec47a3ee82babe4712d6c7d5f43abe9f2ad333f70decad0b1f4a382
                                                                                                  • Instruction ID: d9381887828858b452205374bc3aba428316e55d8cdd91e4d794fcfac0660661
                                                                                                  • Opcode Fuzzy Hash: 6f3686201ec47a3ee82babe4712d6c7d5f43abe9f2ad333f70decad0b1f4a382
                                                                                                  • Instruction Fuzzy Hash: FC21F571504204EFDB14DF20D9C4B56BBA5FB89314F20C5ADE84A4B252C736D887EA62
                                                                                                  Function 052896F0 Relevance: .1, Instructions: 70COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: de237e4844071129972917bd966d146a62c25c11de979c4ce3da0fdb4812fed0
                                                                                                  • Instruction ID: 66f1f9719a4e44924851bdec5378c36a75f7e4b77fbc77222fb65122c9e66df5
                                                                                                  • Opcode Fuzzy Hash: de237e4844071129972917bd966d146a62c25c11de979c4ce3da0fdb4812fed0
                                                                                                  • Instruction Fuzzy Hash: C811EB317182545FEB0AAFB8682526E7BB7DFC9350B14446BE906DB3C1DE348D1683E2
                                                                                                  Function 00CA215C Relevance: .1, Instructions: 70COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4816a17cf14fdbc5ffeb488ccbfb9428261e340e3c0eb6dbcf17aa292bddbd60
                                                                                                  • Instruction ID: f3bc9ca2172d44aa203c815b282ae837043c63cdaa7488b0e1539595d08ae987
                                                                                                  • Opcode Fuzzy Hash: 4816a17cf14fdbc5ffeb488ccbfb9428261e340e3c0eb6dbcf17aa292bddbd60
                                                                                                  • Instruction Fuzzy Hash: 82117F31E483999FCB019BBC9C105DEFB30FF9A3207258797D266B7151EA315806C751
                                                                                                  Function 00CA4DBB Relevance: .1, Instructions: 68COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8016f3fb4fc0af3eccce7b814112cc0df92703e5cc9a2a01ece92f3deee447ee
                                                                                                  • Instruction ID: 0e04ea20755c68d42f7b0d7fde6e966ff5489b24bb1cd4001e220b0a5c439024
                                                                                                  • Opcode Fuzzy Hash: 8016f3fb4fc0af3eccce7b814112cc0df92703e5cc9a2a01ece92f3deee447ee
                                                                                                  • Instruction Fuzzy Hash: 8C21D47170818A8FCB199FA4D854B6A7FA6FF85318F10406DF4168B291CB78CD15CBA1
                                                                                                  Function 00CA8EC1 Relevance: .1, Instructions: 65COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3c33d42eb29ce7abe37e5db584363665b5432f5db07ae9bf33b0e065fd26375b
                                                                                                  • Instruction ID: e3e858fea75438a4e8da3088fa4bc2364fc759ff1efc751db77e3dd8e9b74601
                                                                                                  • Opcode Fuzzy Hash: 3c33d42eb29ce7abe37e5db584363665b5432f5db07ae9bf33b0e065fd26375b
                                                                                                  • Instruction Fuzzy Hash: CA215A70E0124A9FDB05CFE1D990AEEBBB6EF89304F248069E411E6290DB349A41DF50
                                                                                                  Function 00CAD60F Relevance: .1, Instructions: 64COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: da1000a33d8dabd26ed3a0e2979ef2ae9e8e3e1517d1593f7dbcc46e845a2062
                                                                                                  • Instruction ID: 20bce75a6d580b338780e737affdc58dc12ee6ae018c1db77c0829f07dd4830c
                                                                                                  • Opcode Fuzzy Hash: da1000a33d8dabd26ed3a0e2979ef2ae9e8e3e1517d1593f7dbcc46e845a2062
                                                                                                  • Instruction Fuzzy Hash: BD114F75D006068BDB08DFAAD8486DEFBF2EFCA305F14C425E42AB7255D77449468F50
                                                                                                  Function 0528E0C0 Relevance: .1, Instructions: 61COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8607a03fbfe4ff0a8a91e3cc4eb040edabe58fad8fb5c4cf224b779bd47f25a3
                                                                                                  • Instruction ID: 1deb917a0445d54b46e20576611eb875a6532a2058ced3b6352748bcd90fcb47
                                                                                                  • Opcode Fuzzy Hash: 8607a03fbfe4ff0a8a91e3cc4eb040edabe58fad8fb5c4cf224b779bd47f25a3
                                                                                                  • Instruction Fuzzy Hash: E411E5307152448FD7051B769C18BBFBEABAFCA210F19847BE146C72E6CD348C0A8365
                                                                                                  Function 00CAE1FB Relevance: .1, Instructions: 60COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f76b32e41239061978fb38e3e1b08134240a9c21ab1624b2e610e4880f8b0ef3
                                                                                                  • Instruction ID: e41f4d206e7325153771eb5031561049bc8a4a03487e04935a2bb58cd274d111
                                                                                                  • Opcode Fuzzy Hash: f76b32e41239061978fb38e3e1b08134240a9c21ab1624b2e610e4880f8b0ef3
                                                                                                  • Instruction Fuzzy Hash: A7214C74E002099FEB45EFB8D94479EBBF1FB46300F14C6AAC0149B255E7744A06CB81
                                                                                                  Function 00CA5A70 Relevance: .1, Instructions: 59COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 107b837f2d5c5606c1e645a512b91738afdf46deb7630d2882b745576daf102c
                                                                                                  • Instruction ID: c519680ce3762d51264dce354ea849710bcd268b68a21483f7f80e01fc6d9bc6
                                                                                                  • Opcode Fuzzy Hash: 107b837f2d5c5606c1e645a512b91738afdf46deb7630d2882b745576daf102c
                                                                                                  • Instruction Fuzzy Hash: 9F11E531300A168FC7195B29D898A3E77A6FF8575571581B8E906CB360DF35DC0287D0
                                                                                                  Function 00C0D3FF Relevance: .1, Instructions: 56COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818145103.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_c0d000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b6c069b3d400d01fa3022dda7a4192202465086b1da4fe746ff97b9e65d68317
                                                                                                  • Instruction ID: f41382688b10c8fdb6eb5f16824b3cc6371bb52ef38953bbd12f8235c5779c3f
                                                                                                  • Opcode Fuzzy Hash: b6c069b3d400d01fa3022dda7a4192202465086b1da4fe746ff97b9e65d68317
                                                                                                  • Instruction Fuzzy Hash: F511B176504280DFCB15CF90D5C4B16BF71FB94324F24C5A9D90A0B656C33AE956CBA1
                                                                                                  Function 05289999 Relevance: .1, Instructions: 55COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 108b7d773160a1e7428d3e974e9f7d9c350c29c4f7b8a02eca6b7a9c4c229011
                                                                                                  • Instruction ID: 2ed4dc31d83c7f356f54fedab6e3fad0e9b3fb2027441162fad9dc509f1ed166
                                                                                                  • Opcode Fuzzy Hash: 108b7d773160a1e7428d3e974e9f7d9c350c29c4f7b8a02eca6b7a9c4c229011
                                                                                                  • Instruction Fuzzy Hash: 341112B68002499FDB20DF99C845BEEBBF4EB48324F14841AE918A7650C339A550DFA5
                                                                                                  Function 05289350 Relevance: .1, Instructions: 55COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b3874a6acb060538a6da3c282bcb029facfe1fcf83064896050db14a9b99351f
                                                                                                  • Instruction ID: 842eb08e4b8e78d26fc7d2f9bed1ea9aee30fbc5e3aea6ee89a54210c1460385
                                                                                                  • Opcode Fuzzy Hash: b3874a6acb060538a6da3c282bcb029facfe1fcf83064896050db14a9b99351f
                                                                                                  • Instruction Fuzzy Hash: 141144B680024DDFDB20DF99C844BEEBBF4EF48320F108419E919A7250C379A550CFA5
                                                                                                  Function 00CA5607 Relevance: .1, Instructions: 55COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9a4a981a9bd43af2e482c20ab82f67d3312db1b33bebe577fc154d20774997bb
                                                                                                  • Instruction ID: 560fc13f05163eeb4265142acc80390dca16825c00878e90c0b1851ff8c41ed3
                                                                                                  • Opcode Fuzzy Hash: 9a4a981a9bd43af2e482c20ab82f67d3312db1b33bebe577fc154d20774997bb
                                                                                                  • Instruction Fuzzy Hash: DB012671B041156FCB068E649814BEF3BA6DFCA355B18C02AF516C72D1CA718D02DBA1
                                                                                                  Function 05288EC1 Relevance: .1, Instructions: 54COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 96bd9fb9c0ec99be9465f3c27579729e641a1e69e33e1b82d33688524e9ca74d
                                                                                                  • Instruction ID: 255dd1a0dff069ec88906da488edc3f13ab1bdf91f578ad71f224d4eace54daa
                                                                                                  • Opcode Fuzzy Hash: 96bd9fb9c0ec99be9465f3c27579729e641a1e69e33e1b82d33688524e9ca74d
                                                                                                  • Instruction Fuzzy Hash: 28113034F011498FEB04EFE8D954BAEBBF6EF58311F848451E808AB386E73099428F51
                                                                                                  Function 00CAE208 Relevance: .1, Instructions: 54COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 95933a01b2b911bab2f5039dbb7fb3e6af321cb5563682ac2f609ce403c84cc0
                                                                                                  • Instruction ID: 2f026b74bc3ec20b6665fe228dcdc7584a4f1cfdb62c992db983205cbc631778
                                                                                                  • Opcode Fuzzy Hash: 95933a01b2b911bab2f5039dbb7fb3e6af321cb5563682ac2f609ce403c84cc0
                                                                                                  • Instruction Fuzzy Hash: 15114978E002099FEB44EFB8D94479EBBF2FB45304F10C6AAC0189B355EB745A46CB91
                                                                                                  Function 05289760 Relevance: .0, Instructions: 35COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3824899827.0000000005280000.00000040.00000800.00020000.00000000.sdmp, Offset: 05280000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_5280000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 918d54dc6ef9cd62917967cc4a61ad394c82a48a2e0ebc306ed7a221d30e3346
                                                                                                  • Instruction ID: 25ea81a577be43c1e8db22d9a6a1c5be53a620076b72ebdefdde487d710a81e0
                                                                                                  • Opcode Fuzzy Hash: 918d54dc6ef9cd62917967cc4a61ad394c82a48a2e0ebc306ed7a221d30e3346
                                                                                                  • Instruction Fuzzy Hash: 35F089323002186F9F056E9898149AF7BABEFC8350B004429FA0A97351DE319D2197B5
                                                                                                  Function 00CAD449 Relevance: .0, Instructions: 33COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 31d188fae7161d62972c46c5c2e0c4da5b936505ce89eac027e9056c9638d052
                                                                                                  • Instruction ID: 2cbb82971005f01db41649de52712ff18076f84320743300a5bf015cc4f7b350
                                                                                                  • Opcode Fuzzy Hash: 31d188fae7161d62972c46c5c2e0c4da5b936505ce89eac027e9056c9638d052
                                                                                                  • Instruction Fuzzy Hash: 25E0E570D002069BCB05AB61AC083AE7375A78B306F409024D537A7661CB309B059A51
                                                                                                  Function 00CA2010 Relevance: .0, Instructions: 27COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 186085cf128b3d2e95fc44a5a31cca44e010f6cb447eaafde2e9355cb4b6e2ce
                                                                                                  • Instruction ID: 2b9d89cc3775503668e7e0b17660874af0ab886eba7ca2d04c655b70567505e2
                                                                                                  • Opcode Fuzzy Hash: 186085cf128b3d2e95fc44a5a31cca44e010f6cb447eaafde2e9355cb4b6e2ce
                                                                                                  • Instruction Fuzzy Hash: 1BE02234C243A98FCB0187B888004EEBF30EE97310B1086AAC8613B091EB70151AC760
                                                                                                  Function 00CAD4B4 Relevance: .0, Instructions: 27COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3589548e8ccac5de22f45b2cd4cf57598b1563bf7fc2c3b1ca152f61e1b80da8
                                                                                                  • Instruction ID: ada0730f312af51c5cd9a35ab89ed80f64f826ac375376daf80ca94200b455f3
                                                                                                  • Opcode Fuzzy Hash: 3589548e8ccac5de22f45b2cd4cf57598b1563bf7fc2c3b1ca152f61e1b80da8
                                                                                                  • Instruction Fuzzy Hash: F0E020D3C08241CFD7108BA254151B9BF70DDD731574450D7C097DB931D624E6079B11
                                                                                                  Function 00CA2020 Relevance: .0, Instructions: 19COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 72f15895239bcbb4220f1b76c04799cdc7d224f933721d53565589fda738004e
                                                                                                  • Instruction ID: 01bee33d49dbe891f419d92e91c8902dac4829102c03bb42200e91b9da9e6017
                                                                                                  • Opcode Fuzzy Hash: 72f15895239bcbb4220f1b76c04799cdc7d224f933721d53565589fda738004e
                                                                                                  • Instruction Fuzzy Hash: 46D05B31D2033A57CB10E7A5DC044DFFB38EED5321B514666D51437144FB706659C6E1
                                                                                                  Function 00CA8258 Relevance: .0, Instructions: 18COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                  • Instruction ID: ae906eac30adc4eccce3c5c1909e5e29c2c3d201def1468e2def9e2e719dcc59
                                                                                                  • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                  • Instruction Fuzzy Hash: 9FC0123320D1282BAA28108F7C40AB3AB8CC2C27B8A250237F96CA3240A8429C8401A8
                                                                                                  Function 00CAA70D Relevance: .0, Instructions: 16COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 56c9aff475d7bce723691ae362840527aebcd404f7c6a88971fe8540b04727c8
                                                                                                  • Instruction ID: 8f57d27df108cfc67abab4be3f2745e944ff5fa66d52e205d9cab4c6e467cb7d
                                                                                                  • Opcode Fuzzy Hash: 56c9aff475d7bce723691ae362840527aebcd404f7c6a88971fe8540b04727c8
                                                                                                  • Instruction Fuzzy Hash: E9D0677AB110089FDB049F98EC44DDDB7B6FB9C221B548116E915A3260C6319921DB90
                                                                                                  Function 00CA5EA8 Relevance: .0, Instructions: 16COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 42cb3071a643a3b2a4a352ab4833381caa681a2a5b06fe9c70723e642fa5f6dd
                                                                                                  • Instruction ID: 3c811f7f605f6fe01d6c3650d9bdf7cd199bf2cd142cd2f063b01e785d0e65c2
                                                                                                  • Opcode Fuzzy Hash: 42cb3071a643a3b2a4a352ab4833381caa681a2a5b06fe9c70723e642fa5f6dd
                                                                                                  • Instruction Fuzzy Hash: CCD02B34A0C3C91BC716F330E89D44C3F715A80518F2082D9E4064D06BDA79040B8F62
                                                                                                  Function 00CA5EB8 Relevance: .0, Instructions: 12COMMON
                                                                                                  Download Yara Rule
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.3818543149.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_ca0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0ff0d45a44deceae621479c859780f3ebf2c22ff217cc96652ddcda28861b639
                                                                                                  • Instruction ID: a9abe9072e09fd11428da6cd1b832439d9d8e792e8ad82f7c0ee9dc784ddb7e5
                                                                                                  • Opcode Fuzzy Hash: 0ff0d45a44deceae621479c859780f3ebf2c22ff217cc96652ddcda28861b639
                                                                                                  • Instruction Fuzzy Hash: 4BC0123554034D47D555F771E989A5937AEA6C0614F608510B10A0D12A9F7C194556B2