Windows Analysis Report
Setup_latest.exe

Overview

General Information

Sample name: Setup_latest.exe
Analysis ID: 1465756
MD5: eb48500860ece87bc7a169118c929fb3
SHA1: bb20b2598d5ac31d36717f316fc733c4f8df9a9c
SHA256: b96862087581adb9ecfb9615a46eedb29d13c606e708b7b532ce6ed3217925a4
Tags: exe
Infos:

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Yara detected RedLine Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Setup_latest.exe (PID: 7296 cmdline: "C:\Users\user\Desktop\Setup_latest.exe" MD5: EB48500860ECE87BC7A169118C929FB3)
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["147.45.44.12:13830"], "Bot Id": "red", "Authorization Header": "fcf66721530ae501731d4ae91b57c146"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x4d018:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000000.00000002.2040538628.0000000004FD0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.Setup_latest.exe.4fd0000.2.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.Setup_latest.exe.4fd0000.2.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.Setup_latest.exe.22c24eb.1.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.Setup_latest.exe.22c24eb.1.raw.unpack | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x4ab2d:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
0.2.Setup_latest.exe.22c24eb.1.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
07/02/24-01:13:32.121337 | 2043231 | 49731 | 13830 | TCP | A Network Trojan was detected
07/02/24-01:13:16.968678 | 2046056 | 13830 | 49731 | TCP | A Network Trojan was detected
07/02/24-01:13:10.961103 | 2046045 | 49731 | 13830 | TCP | A Network Trojan was detected
07/02/24-01:13:11.153223 | 2043234 | 13830 | 49731 | TCP | A Network Trojan was detected

AV Detection

Source: 0.2.Setup_latest.exe.4fd0000.2.raw.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["147.45.44.12:13830"], "Bot Id": "red", "Authorization Header": "fcf66721530ae501731d4ae91b57c146"}
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: Setup_latest.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Setup_latest.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Setup_latest.exe.log
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 0_2_00402868 FindFirstFileW | 0_2_00402868
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 0_2_004059CC DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose | 0_2_004059CC
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 0_2_004065FD FindFirstFileW,FindClose | 0_2_004065FD
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 4x nop then jmp 05CAE208h | 0_2_05CADD10
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 4x nop then jmp 05CAA877h | 0_2_05CAA118
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 4x nop then jmp 05CAAEB4h | 0_2_05CAABE1
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 4x nop then jmp 05CA8574h | 0_2_05CA82B6
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 4x nop then inc dword ptr [ebp-20h] | 0_2_05CA2478
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 4x nop then jmp 072E7BEAh | 0_2_072E77BA
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 4x nop then jmp 072E806Ah | 0_2_072E77BA
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 0_2_072E4E38
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 4x nop then jmp 072E13A3h | 0_2_072E1170
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 4x nop then jmp 072E6315h | 0_2_072E5F39
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 4x nop then jmp 072E27BDh | 0_2_072E279C
Source: C:\Users\user\Desktop\Setup_latest.exe | Code function: 4x nop then jmp 072E4577h | 0_2_072E455F

Networking

Source: Traffic | Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.4:49731 -> 147.45.44.12:13830
Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49731 -> 147.45.44.12:13830
Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 147.45.44.12:13830 -> 192.168.2.4:49731
Source: Traffic | Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 147.45.44.12:13830 -> 192.168.2.4:49731
Source: Malware configuration extractor | URLs: 147.45.44.12:13830
Source: global traffic | TCP traffic: 192.168.2.4:49731 -> 147.45.44.12:13830
Source: Joe Sandbox View | ASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
Source: unknown | TCP traffic detected without corresponding DNS query: 147.45.44.12
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002C90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000002.2036247855.0000000002C88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002C90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000002.2036247855.0000000002C90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002C90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                      Source: Setup_latest.exeString found in binary or memory: http://www.digicert.com/CPS0
                      Source: Setup_latest.exe, 00000000.00000003.1963201850.0000000003B28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BB3000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A99000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003AB5000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A46000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C75000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003CA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: Setup_latest.exe, Setup_latest.exe, 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000002.2040538628.0000000004FD0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                      Source: Setup_latest.exeString found in binary or memory: https://bitwarden.com
                      Source: Setup_latest.exe, 00000000.00000003.1963201850.0000000003B28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BB3000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A99000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003AB5000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A46000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C75000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003CA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: Setup_latest.exe, 00000000.00000003.1963201850.0000000003B28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BB3000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A99000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003AB5000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A46000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C75000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003CA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                      Source: Setup_latest.exe, 00000000.00000003.1963201850.0000000003B28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BB3000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A99000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003AB5000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A46000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C75000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003CA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: Setup_latest.exe, 00000000.00000003.1963201850.0000000003B28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BB3000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A99000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003AB5000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A46000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C75000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003CA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: Setup_latest.exe, 00000000.00000003.1963201850.0000000003A28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003AB5000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: Setup_latest.exe, 00000000.00000003.1963201850.0000000003B28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BB3000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A99000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A46000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C75000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003CA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
                      Source: Setup_latest.exe, 00000000.00000003.1963201850.0000000003B28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BB3000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A99000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003AB5000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A46000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C75000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003CA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: Setup_latest.exe, 00000000.00000003.1963201850.0000000003B28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BB3000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A99000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003AB5000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A46000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C75000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003CA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: Setup_latest.exe, 00000000.00000003.1963201850.0000000003B28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BB3000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A99000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003AB5000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1967789134.0000000003A46000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C28000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003C75000.00000004.00000800.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1963201850.0000000003CA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405461

                      System Summary

                      Source: 0.2.Setup_latest.exe.22c24eb.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
                      Source: 0.2.Setup_latest.exe.22c24eb.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
                      Source: 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
                      Source: Setup_latest.exeStatic PE information: invalid certificate
                      Source: Setup_latest.exeBinary or memory string: OriginalFilename vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000003.1750803930.00000000007CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000003.1750803930.00000000007CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamempclient.dllj% vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQuitches.exe8 vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000002.2040538628.0000000005011000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameQuitches.exe8 vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000003.1750832092.00000000007CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000003.1750832092.00000000007CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamempclient.dllj% vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000002.2039438166.0000000003996000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQuitches.exe8 vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000003.1750779070.00000000007B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000003.1750779070.00000000007B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamempclient.dllj% vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefirefox.exe0 vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q,\\StringFileInfo\\000004B0\\OriginalFilename vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q,\\StringFileInfo\\040904B0\\OriginalFilename vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXED vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q,\\StringFileInfo\\080904B0\\OriginalFilename vs Setup_latest.exe
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs Setup_latest.exe
                      Source: Setup_latest.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: 0.2.Setup_latest.exe.22c24eb.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
                      Source: 0.2.Setup_latest.exe.22c24eb.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
                      Source: 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
                      Source: Setup_latest.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/1@0/1
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_022C0B3F CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,FindCloseChangeNotification,Thread32Next,0_2_022C0B3F
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_00402104 CoCreateInstance,0_2_00402104
                      Source: C:\Users\user\Desktop\Setup_latest.exe File created: C:\Users\user\AppData\Local\SystemCache
                      Source: C:\Users\user\Desktop\Setup_latest.exeMutant created: NULL
                      Source: Setup_latest.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\Setup_latest.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                      Source: C:\Users\user\Desktop\Setup_latest.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Setup_latest.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                      Source: C:\Users\user\Desktop\Setup_latest.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: userenv.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: apphelp.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: propsys.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: dwmapi.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: cryptbase.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: oleacc.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: ntmarta.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: version.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: shfolder.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: kernel.appcore.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: wininet.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: mscoree.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: wldp.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: amsi.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: profapi.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: msasn1.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: gpapi.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: cryptsp.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: rsaenh.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: dwrite.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: msvcp140_clr0400.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: mswsock.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: secur32.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: sspicli.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: wbemcomn.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: dpapi.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: rstrtmgr.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: ncrypt.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: ntasn1.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Section loaded: windowscodecs.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: Setup_latest.exeStatic file information: File size 1456480 > 1048576
                      Source: Setup_latest.exeStatic PE information: real checksum: 0xc1804 should be: 0x16dc93
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_022C8002 push es; retf 0_2_022C7FFD
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_022C266B pushfd ; iretd 0_2_022C266C
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_027AD9AC push esp; iretd 0_2_027AEE29
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_0573DA72 push eax; ret 0_2_0573DA81
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_05AB24B0 push esp; ret 0_2_05AB25B1
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_05B18313 push esp; ret 0_2_05B18325
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_065B3A5B push eax; ret 0_2_065B3A5C
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_065B4954 pushfd ; retf 0_2_065B4955
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_065B42D9 pushad ; ret 0_2_065B42DD
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_065B3AAF pushad ; ret 0_2_065B3AB0
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_06A299FB push FFFFFF8Bh; iretd 0_2_06A29A02
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_06A29914 push FFFFFF8Bh; iretd 0_2_06A2991E
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_06A2995F push FFFFFF8Bh; iretd 0_2_06A29963
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_070557E7 push esp; ret 0_2_070557F5
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_070571E7 pushad ; ret 0_2_070571F5
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_07056F3A pushad ; retf 0_2_07056F41
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_07056F68 pushfd ; retf 0_2_07056F69
                      Source: C:\Users\user\Desktop\Setup_latest.exeCode function: 0_2_072EB1E8 push 40072DCBh; retf 0_2_072EB1ED
                      Source: C:\Users\user\Desktop\Setup_latest.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Setup_latest.exe.log
                      Source: C:\Users\user\Desktop\Setup_latest.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\Setup_latest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Setup_latest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Setup_latest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Setup_latest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Setup_latest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Setup_latest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Setup_latest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Setup_latest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Setup_latest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Setup_latest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Setup_latest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: C:\Users\user\Desktop\Setup_latest.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                      Source: C:\Users\user\Desktop\Setup_latest.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Memory allocated: 27A0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Memory allocated: 2950000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Memory allocated: 4950000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Window / User API: threadDelayed 7675
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Window / User API: threadDelayed 2157
                      Source: C:\Users\user\Desktop\Setup_latest.exe TID: 7696; Thread sleep time: -31359464925306218s >= -30000s
                      Source: C:\Users\user\Desktop\Setup_latest.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Code function: 0_2_004059CC DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Code function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
                      Source: Setup_latest.exe, 00000000.00000002.2044124452.0000000005930000.00000004.00000020.00020000.00000000.sdmp, Setup_latest.exe, 00000000.00000003.1961189052.000000000594F000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Code function: 0_2_05CA7398 LdrInitializeThunk,0_2_05CA7398
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Code function: 0_2_022C042F mov edx, dword ptr fs:[00000030h] 0_2_022C042F
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Code function: 0_2_022C09EF mov eax, dword ptr fs:[00000030h] 0_2_022C09EF
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Code function: 0_2_022C103E mov eax, dword ptr fs:[00000030h] 0_2_022C103E
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Code function: 0_2_022C103F mov eax, dword ptr fs:[00000030h] 0_2_022C103F
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Code function: 0_2_022C0D9F mov eax, dword ptr fs:[00000030h] 0_2_022C0D9F
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Memory allocated: page read and write | page guard
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,0_2_0040338F
                      Source: C:\Users\user\Desktop\Setup_latest.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: Setup_latest.exe, 00000000.00000002.2033315328.0000000000762000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: C:\Users\user\Desktop\Setup_latest.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                      Source: C:\Users\user\Desktop\Setup_latest.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Users\user\Desktop\Setup_latest.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                      Source: C:\Users\user\Desktop\Setup_latest.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                      Source: C:\Users\user\Desktop\Setup_latest.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Users\user\Desktop\Setup_latest.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                      Stealing of Sensitive Information

                      Source: Yara match; File source: dump.pcap, type: PCAP
                      Source: Yara match; File source: 0.2.Setup_latest.exe.4fd0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Setup_latest.exe.4fd0000.2.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Setup_latest.exe.22c24eb.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Setup_latest.exe.22c24eb.1.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.2040538628.0000000004FD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: Setup_latest.exe PID: 7296, type: MEMORYSTR
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: %appdata%\Electrum\walletsLR^qP
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: $^q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: $^q-cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: %appdata%\Exodus\exodus.walletLR^q
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: %appdata%\Ethereum\walletsLR^qt
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: $^q%appdata%`,^qdC:\Users\user\AppData\Roaming`,^qdC:\Users\user\AppData\Roaming\Binance
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: $^q&%localappdata%\Coinomi\Coinomi\walletsLR^q
                      Source: Setup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: $^q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Roaming\atomic\
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Roaming\Binance\
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Roaming\Guarda\
                      Source: C:\Users\user\Desktop\Setup_latest.exe; File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                      Source: Yara match; File source: 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: Setup_latest.exe PID: 7296, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara match; File source: dump.pcap, type: PCAP
                      Source: Yara match; File source: 0.2.Setup_latest.exe.4fd0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Setup_latest.exe.4fd0000.2.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Setup_latest.exe.22c24eb.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Setup_latest.exe.22c24eb.1.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.2040538628.0000000004FD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: Setup_latest.exe PID: 7296, type: MEMORYSTR

                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | 1 OS Credential Dumping | 231 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 241 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 3 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 114 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

                      No Antivirus matches
                      Source | Detection | Scanner | Label | Link
                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA10%Avira URL Cloudsafe
                      http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA10%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id200%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id210%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id230%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id24Response0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id1Response0%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego0%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly0%Avira URL Cloudsafe
                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary0%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay0%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id240%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id21ResponseD0%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion0%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2004/04/trust0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id100%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id16Response0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id110%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id120%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id10ResponseD0%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel0%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id130%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id140%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id150%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id160%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id170%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id180%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id5Response0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id190%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id15ResponseD0%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2005/02/trust/Renew0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id10Response0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id11ResponseD0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id8Response0%Avira URL Cloudsafe
                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.00%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey0%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT0%Avira URL Cloudsafe
                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID0%Avira URL Cloudsafe
                      http://schemas.xmlsoap.org/ws/2006/02/addressingidentity0%Avira URL Cloudsafe
                      http://tempuri.org/Entity/Id17ResponseD0%Avira URL Cloudsafe
                      No contacted domains info
                      Name | Source | Malicious | Antivirus Detection | Reputation
                      unknown
                      http://tempuri.org/Entity/Id11ResponseDSetup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://tempuri.org/Entity/Id8ResponseSetup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeySetup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0Setup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDSetup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTSetup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://schemas.xmlsoap.org/ws/2006/02/addressingidentitySetup_latest.exe, 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://tempuri.org/Entity/Id17ResponseDSetup_latest.exe, 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://schemas.xmlsoap.org/soap/envelope/Setup_latest.exe, 00000000.00000002.2036247855.0000000002951000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      IP | Domain | Country | ASN | ASN Name | Malicious
                      147.45.44.12 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true
                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1465756
                      Start date and time:2024-07-02 01:12:05 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 4m 38s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:4
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:Setup_latest.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@1/1@0/1
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 99%
                      • Number of executed functions: 367
                      • Number of non-executed functions: 0
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Stop behavior analysis, all processes terminated
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing disassembly code.
                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                      • VT rate limit hit for: Setup_latest.exe
                      Time | Type | Description
                      19:13:24 | API Interceptor | 56x Sleep call for process: Setup_latest.exe modified
                      No context
                      No context
                      Match:FREE-NET-ASFREEnetEU
                      Associated Sample Name / URL | Detection | Threat Name | Context
                      jlO7971vUz.exe | malicious | Mars Stealer, Stealc, Vidar | 147.45.78.162
                      d5raNaLQ8Q.exe | malicious | Xmrig | 147.45.47.81
                      a23d1f07dfef6b5fda6381ecf6866746d624dbc1e510073d83f431124bf7d556_payload.exe | malicious | RedLine | 147.45.45.3
                      QsVQRmzBAf.exe | malicious | RedLine | 147.45.45.3
                      SecuriteInfo.com.Trojan.MSIL.Crypt.17692.14091.exe | malicious | PureLog Stealer | 193.233.203.218
                      SecuriteInfo.com.Trojan.DownLoader46.58639.512.14557.exe | malicious | PureLog Stealer | 147.45.199.23
                      project.exe | malicious | RedLine | 147.45.47.37
                      qHYHgANDmm.exe | malicious | RedLine, Xmrig | 147.45.47.81
                      tAa6xNsucX.exe | malicious | Amadey, Mars Stealer, Stealc, Vidar | 147.45.47.155
                      wqmnYoVbHr.exe | malicious | Amadey, Mars Stealer, Stealc, Vidar | 147.45.47.155
                      No context
                      No context
                      Process:C:\Users\user\Desktop\Setup_latest.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3094
                      Entropy (8bit):5.33145931749415
                      Encrypted:false
                      SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
                      MD5:2A56468A7C0F324A42EA599BF0511FAF
                      SHA1:404B343A86EDEDF5B908D7359EB8AA957D1D4333
                      SHA-256:6398E0BD46082BBC30008BC72A2BA092E0A1269052153D343AA40F935C59957C
                      SHA-512:19B79181C40AA51C7ECEFCD4C9ED42D5BA19EA493AE99654D3A763EA9B21B1ABE5B5739AAC425E461609E1165BCEA749CFB997DE0D35303B4CF2A29BDEF30B17
                      Malicious:false
                      Reputation:high, very likely benign file
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Entropy (8bit):7.8881933280393
                      TrID:
                      • Win32 Executable (generic) a (10002005/4) 99.96%
                      • Generic Win/DOS Executable (2004/3) 0.02%
                      • DOS Executable Generic (2002/1) 0.02%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:Setup_latest.exe
                      File size:1'456'480 bytes
                      MD5:eb48500860ece87bc7a169118c929fb3
                      SHA1:bb20b2598d5ac31d36717f316fc733c4f8df9a9c
                      SHA256:b96862087581adb9ecfb9615a46eedb29d13c606e708b7b532ce6ed3217925a4
                      SHA512:d595378bdc733b17697a5aa075e78082e863189255594f6c805380e745ea0bd66631bd3d58289f5c4b051c5073b61fe1ad70953ef84d305397b6ecf296789c9c
                      SSDEEP:24576:ZxgPnpq2yAY1szLSvJwv4ahekPxMB7Du173pG1szLSvJwv4a:EnpNyA9qvCvHOBK73pfqvCv
                      TLSH:CA651202BF05CD55C6363FF011A149AAE76A390128B56AF727FCA39AD7F25E36F48041
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h.......@.
                      Icon Hash:0f0171e1f1313113
                      Entrypoint:0x40338f
                      Entrypoint Section:.text
                      Digitally signed:true
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      DLL Characteristics:NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:b34f154ec913d2d2c435cbd644e91687
                      Signature Valid:false
                      Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                      Signature Validation Error:The digital signature of the object did not verify
                      Error Number:-2146869232
                      Not Before:02/02/2022 00:00:00
                      Not After:03/04/2025 00:59:59
                      Subject Chain
                      • CN=8bit Solutions LLC, O=8bit Solutions LLC, L=Jacksonville, S=Florida, C=US, SERIALNUMBER=L16000106119, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization
                      Version:3
                      Thumbprint MD5:ABD40EF42FACAAE2500E04A7C3A05644
                      Thumbprint SHA-1:E52631F3A497896894CABCB6E1B18E734BE09342
                      Thumbprint SHA-256:B4E4E6202977829E9ADF73DB66C49386E5EBBCFA19499A58C7A45D38613D871C
                      Serial:0D4ED820E34466C1DB3375E3AD1937FF
                      Instruction
                      sub esp, 000002D4h
                      push ebx
                      push esi
                      push edi
                      push 00000020h
                      pop edi
                      xor ebx, ebx
                      push 00008001h
                      mov dword ptr [esp+14h], ebx
                      mov dword ptr [esp+10h], 0040A2E0h
                      mov dword ptr [esp+1Ch], ebx
                      call dword ptr [004080A8h]
                      call dword ptr [004080A4h]
                      and eax, BFFFFFFFh
                      cmp ax, 00000006h
                      mov dword ptr [0047AEECh], eax
                      je 00007F01ECC97F43h
                      push ebx
                      call 00007F01ECC9B1F5h
                      cmp eax, ebx
                      je 00007F01ECC97F39h
                      push 00000C00h
                      call eax
                      mov esi, 004082B0h
                      push esi
                      call 00007F01ECC9B16Fh
                      push esi
                      call dword ptr [00408150h]
                      lea esi, dword ptr [esi+eax+01h]
                      cmp byte ptr [esi], 00000000h
                      jne 00007F01ECC97F1Ch
                      push 0000000Ah
                      call 00007F01ECC9B1C8h
                      push 00000008h
                      call 00007F01ECC9B1C1h
                      push 00000006h
                      mov dword ptr [0047AEE4h], eax
                      call 00007F01ECC9B1B5h
                      cmp eax, ebx
                      je 00007F01ECC97F41h
                      push 0000001Eh
                      call eax
                      test eax, eax
                      je 00007F01ECC97F39h
                      or byte ptr [0047AEEFh], 00000040h
                      push ebp
                      call dword ptr [00408044h]
                      push ebx
                      call dword ptr [004082A0h]
                      mov dword ptr [0047AFB8h], eax
                      push ebx
                      lea eax, dword ptr [esp+34h]
                      push 000002B4h
                      push eax
                      push ebx
                      push 00440208h
                      dec esi
                      test edx, esp
                      jp 00007F01ECC97F38h
                      add edx, B52911D5h
                      Programming Language:
                      • [EXP] VC++ 6.0 SP5 build 8804
                      Name | Virtual Address | Virtual Size | Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x203000 | 0x62a00 | .rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1609e8 | 0x2f78 | .ndata
                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                      .text | 0x1000 | 0x6627 | 0x6800 | 42c282798b682dbb71f146365969581f | False | 0.7078200120192307 | data | 6.74128180519004 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rdata | 0x8000 | 0x14a2 | 0x1600 | eecac1fed9cc6b447d50940d178404d8 | False | 0.4405184659090909 | data | 5.025178929113415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .data | 0xa000 | 0x70ff8 | 0x600 | db8f31a08a2242d80c29e1f9500c6527 | False | 0.5182291666666666 | data | 4.037117731448378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .ndata | 0x7b000 | 0x188000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .rsrc | 0x203000 | 0x62a00 | 0x62a00 | b7938301837c395a0984ab0fbf753d83 | False | 0.6075803033903675 | data | 7.390420907064132 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                      RT_ICON | 0x2034e0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 30236 x 30236 px/m | | | 0.0722080918017272
                      RT_DIALOG | 0x213d08 | 0x202 | data | English | United States | 0.4085603112840467
                      RT_DIALOG | 0x213f0c | 0xf8 | data | English | United States | 0.6290322580645161
                      RT_DIALOG | 0x214004 | 0xee | data | English | United States | 0.6260504201680672
                      RT_DIALOG | 0x2140f4 | 0x1fa | data | English | United States | 0.40118577075098816
                      RT_DIALOG | 0x2142f0 | 0xf0 | data | English | United States | 0.6666666666666666
                      RT_DIALOG | 0x2143e0 | 0xe6 | data | English | United States | 0.6565217391304348
                      RT_DIALOG | 0x2144c8 | 0x1ee | data | English | United States | 0.38866396761133604
                      RT_DIALOG | 0x2146b8 | 0xe4 | data | English | United States | 0.6447368421052632
                      RT_DIALOG | 0x21479c | 0xda | data | English | United States | 0.6422018348623854
                      RT_DIALOG | 0x214878 | 0x1ee | data | English | United States | 0.3866396761133603
                      RT_DIALOG | 0x214a68 | 0xe4 | data | English | United States | 0.6359649122807017
                      RT_DIALOG | 0x214b4c | 0xda | data | English | United States | 0.6376146788990825
                      RT_DIALOG | 0x214c28 | 0x1f2 | data | English | United States | 0.39759036144578314
                      RT_DIALOG | 0x214e1c | 0xe8 | data | English | United States | 0.6508620689655172
                      RT_DIALOG | 0x214f04 | 0xde | data | English | United States | 0.6486486486486487
                      RT_DIALOG | 0x214fe4 | 0x202 | data | English | United States | 0.42217898832684825
                      RT_DIALOG | 0x2151e8 | 0xf8 | data | English | United States | 0.6653225806451613
                      RT_DIALOG | 0x2152e0 | 0xee | data | English | United States | 0.6512605042016807
                      RT_GROUP_ICON | 0x2153d0 | 0x14 | data | | | 1.15
                      RT_VERSION | 0x2153e4 | 0x2cc | data | English | United States | 0.4762569832402235
                      RT_MANIFEST | 0x2156b0 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076
                      DLL | Import
                      KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                      USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
                      GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                      SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
                      ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                      COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                      ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                      Language of compilation system:English
                      Country where language is spoken:United States
                      Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                      07/02/24-01:13:32.121337 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49731 | 13830 | 192.168.2.4 | 147.45.44.12
                      07/02/24-01:13:16.968678 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 13830 | 49731 | 147.45.44.12 | 192.168.2.4
                      07/02/24-01:13:10.961103 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49731 | 13830 | 192.168.2.4 | 147.45.44.12
                      07/02/24-01:13:11.153223 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 13830 | 49731 | 147.45.44.12 | 192.168.2.4
                      Jul 2, 2024 01:13:27.592806101 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.592832088 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.592832088 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.592854977 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.592880011 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.592936993 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.592988014 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.592997074 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593029022 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593050003 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593077898 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593193054 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593223095 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593286037 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593394995 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593394995 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593437910 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593445063 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593486071 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593621016 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593647003 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593671083 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593672991 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593693018 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593712091 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593719959 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593746901 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593772888 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593775988 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593792915 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593800068 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593822002 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593832970 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593852997 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593858957 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593879938 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593884945 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593904972 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593925953 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593934059 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593960047 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.593985081 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.593986034 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.594011068 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.594013929 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.594044924 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.594046116 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.594069004 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.594070911 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.594084978 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.594118118 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.596776009 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.596827984 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.596873045 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.596899986 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.596918106 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.596930027 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.596947908 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.596972942 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.597451925 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597480059 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597507954 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597511053 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.597533941 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.597559929 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597588062 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597614050 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597640038 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597665071 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597712040 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597738028 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597764015 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597805023 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597852945 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597878933 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597904921 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597930908 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.597980976 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598007917 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598057032 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598083973 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598131895 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598159075 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598207951 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598237991 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598263979 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598289967 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598315954 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598341942 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598367929 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598392963 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598439932 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598467112 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598493099 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598519087 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598543882 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598570108 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598601103 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.598660946 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.598850012 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598880053 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598929882 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598957062 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.598987103 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599014044 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599059105 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599085093 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599132061 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599158049 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599204063 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599230051 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599258900 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599284887 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599332094 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599360943 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599386930 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599412918 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.599438906 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601515055 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601542950 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601588964 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601615906 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601661921 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601687908 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601735115 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601763010 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601788998 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601814985 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601840973 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601866007 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601912975 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601939917 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601965904 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.601995945 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.602020979 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.602047920 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.602179050 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.602205992 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.602247000 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.602272034 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.602319002 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.602344990 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.602370977 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.602396965 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603333950 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603355885 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603424072 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603508949 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603522062 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603533030 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603544950 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603565931 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603578091 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603596926 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603609085 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603630066 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603641987 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603682995 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603693962 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.603694916 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603739977 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.603744030 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.603753090 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604147911 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604207993 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604245901 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604321957 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604332924 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604362965 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604374886 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604414940 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604427099 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604449987 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604461908 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604492903 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604509115 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604532003 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604542971 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604585886 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604598045 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604608059 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604619026 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604630947 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604651928 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604662895 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604674101 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604685068 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604713917 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604726076 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604736090 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604747057 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604772091 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604783058 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604804039 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604815006 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604835987 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604846954 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604903936 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604917049 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604928017 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604938984 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604979038 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.604991913 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.605004072 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.605161905 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.605220079 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.609005928 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609028101 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609078884 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609090090 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609102011 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609114885 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609143019 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609157085 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609210968 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609222889 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609236002 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609268904 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609282970 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609324932 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609365940 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609386921 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609400034 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609433889 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609447002 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609508038 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609519958 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609540939 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609551907 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609565020 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609584093 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609596014 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609903097 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609915018 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609926939 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609937906 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609949112 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609960079 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609971046 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609982967 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.609993935 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610014915 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610025883 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610037088 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610048056 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610058069 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610069036 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610079050 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610090017 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610100031 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610110998 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610121965 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610142946 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610153913 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610165119 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610174894 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610196114 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610208035 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610224962 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610236883 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610248089 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610258102 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610269070 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610284090 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610311031 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610322952 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610343933 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610356092 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610409021 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.610414028 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610426903 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610436916 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610466003 CEST4973113830192.168.2.4147.45.44.12
                      Jul 2, 2024 01:13:27.610471964 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610553980 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610565901 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610577106 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610588074 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610609055 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610620975 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610641003 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610651970 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610666037 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610677004 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610697031 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610707998 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610734940 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610747099 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610773087 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610785007 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610816002 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610827923 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610847950 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610866070 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610932112 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610944033 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610964060 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610975027 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.610989094 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.611000061 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.611038923 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.611051083 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.611062050 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.611082077 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.611093998 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.611104012 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.611130953 CEST1383049731147.45.44.12192.168.2.4
                      Jul 2, 2024 01:13:27.611141920 CEST1383049731147.45.44.12192.168.2.4


                      Target ID:0
                      Start time:19:12:51
                      Start date:01/07/2024
                      Path:C:\Users\user\Desktop\Setup_latest.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\Setup_latest.exe"
                      Imagebase:0x400000
                      File size:1'456'480 bytes
                      MD5 hash:EB48500860ECE87BC7A169118C929FB3
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2040538628.0000000004FD0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2036247855.00000000029E4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2036247855.0000000002A88000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:true

                        Execution Graph

                        Execution Coverage:14.4%
                        Dynamic/Decrypted Code Coverage:92.9%
                        Signature Coverage:9.7%
                        Total number of Nodes:268
                        Total number of Limit Nodes:25

                        Control-flow Graph

                        APIs
                        • SetErrorMode.KERNEL32 ref: 004033B2
                        • GetVersion.KERNEL32 ref: 004033B8
                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033EB
                        • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403428
                        • OleInitialize.OLE32(00000000), ref: 0040342F
                          • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                          • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2032683672.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2032617947.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032741895.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032798926.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000603000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000605000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000613000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Setup_latest.jbxd
                        Similarity
                        • API ID: AddressErrorHandleInitializeModeModuleProcVersionlstrlen
                        • String ID: $ integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain$M$N$Sd6V$UXTHEME
                        • API String ID: 3995434990-2729078887
                        • Opcode ID: 7d48cfa83e56f2f59fb4632e4f40759cfd394e8bc91e43f95550a0696a1c9db3
                        • Instruction ID: 2d7076553353440141d86f3e084e9405cbaf164b4b48524801abf427ba0d4ac1
                        • Opcode Fuzzy Hash: 7d48cfa83e56f2f59fb4632e4f40759cfd394e8bc91e43f95550a0696a1c9db3
                        • Instruction Fuzzy Hash: 0CC18D779457250AE655BFBA8D8622E24469BD0308B82863FED52FB1D6DE7C890301CE

                        Control-flow Graph

                        APIs
                        • GetProcAddress.KERNEL32(00000000), ref: 004043E3
                        • VirtualAlloc.KERNEL32(-0000000141E576F6,0004FC0F,?,-00000003BBBF0A32,?,?,?,B4F0866D), ref: 004049E2
                        • ImageList_AddMasked.COMCTL32(00000000,-0000000320D8429A,00FF00FF,?,-00000003BBBF0A32,?,?,?,B4F0866D), ref: 00404D5D
                        • DeleteObject.GDI32(-0000000320D8429A), ref: 00404D94
                        • GetWindowLongW.USER32(?,000000F0), ref: 00404ECF
                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EDD
                        • ShowWindow.USER32(?,00000005,?,00000016,?,?,00000015,?,?,-00000003BBBF0A32,?,?,?,-00000003BBBF0A32), ref: 00404EEE
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2032683672.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2032617947.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032741895.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032798926.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000603000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000605000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000613000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Setup_latest.jbxd
                        Similarity
                        • API ID: Window$Long$AddressAllocDeleteImageList_MaskedObjectProcShowVirtual
                        • String ID: !V$M
                        • API String ID: 3136152431-3008532289
                        • Opcode ID: d95d53fac55141ea6985f472e4e597c57512506280255d481993b10e476a4330
                        • Instruction ID: fc7fb8754702201a4ec3b82467907ed3c9f6cbd8beb6df88352b873bb9389a5b
                        • Opcode Fuzzy Hash: d95d53fac55141ea6985f472e4e597c57512506280255d481993b10e476a4330
                        • Instruction Fuzzy Hash: AB525F779107250BE759EABB8C861AE1443EBC0308B96963EED12FB5DACF3C494750C9

                        Control-flow Graph

                        APIs
                        • GetProcAddress.KERNEL32(00000000), ref: 004043E3
                        • VirtualAlloc.KERNEL32(-0000000141E576F6,0004FC0F,?,-00000003BBBF0A32,?,?,?,B4F0866D), ref: 004049E2
                        • ImageList_AddMasked.COMCTL32(00000000,-0000000320D8429A,00FF00FF,?,-00000003BBBF0A32,?,?,?,B4F0866D), ref: 00404D5D
                        • DeleteObject.GDI32(-0000000320D8429A), ref: 00404D94
                        • GetWindowLongW.USER32(?,000000F0), ref: 00404ECF
                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EDD
                        • ShowWindow.USER32(?,00000005,?,00000016,?,?,00000015,?,?,-00000003BBBF0A32,?,?,?,-00000003BBBF0A32), ref: 00404EEE
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2032683672.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2032617947.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032741895.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032798926.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000603000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000605000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000613000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Setup_latest.jbxd
                        Similarity
                        • API ID: Window$Long$AddressAllocDeleteImageList_MaskedObjectProcShowVirtual
                        • String ID: !V$M
                        • API String ID: 3136152431-3008532289
                        • Opcode ID: ff5f242f770eb5199fe31f9a61a1b681173253840dec0d5b96549558d4bf92ef
                        • Instruction ID: e838949d9ca39fdb4e5c94fb3ac7b1235b393344990c5aebb117aa07148ff1ed
                        • Opcode Fuzzy Hash: ff5f242f770eb5199fe31f9a61a1b681173253840dec0d5b96549558d4bf92ef
                        • Instruction Fuzzy Hash: 79425E77A107250BE759FABB8C961AE5443EBC0308796963EED12FB5CACE3C494700C9

                        Control-flow Graph

                        APIs
                        • GetProcAddress.KERNEL32(00000000), ref: 004043E3
                        • VirtualAlloc.KERNEL32(-0000000141E576F6,0004FC0F,?,-00000003BBBF0A32,?,?,?,B4F0866D), ref: 004049E2
                        • ImageList_AddMasked.COMCTL32(00000000,-0000000320D8429A,00FF00FF,?,-00000003BBBF0A32,?,?,?,B4F0866D), ref: 00404D5D
                        • DeleteObject.GDI32(-0000000320D8429A), ref: 00404D94
                        • GetWindowLongW.USER32(?,000000F0), ref: 00404ECF
                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EDD
                        • ShowWindow.USER32(?,00000005,?,00000016,?,?,00000015,?,?,-00000003BBBF0A32,?,?,?,-00000003BBBF0A32), ref: 00404EEE
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2032683672.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2032617947.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032741895.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032798926.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000603000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000605000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000613000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Setup_latest.jbxd
                        Similarity
                        • API ID: Window$Long$AddressAllocDeleteImageList_MaskedObjectProcShowVirtual
                        • String ID: !V$M
                        • API String ID: 3136152431-3008532289
                        • Opcode ID: ff8014f2f002a5e9a8c28ad4502cacccbe47596149c614fde7b258d556518f82
                        • Instruction ID: 625d2f02dcfa639da2eb8a453eec9a3b0a4f9cfebbc30f27bbe5d372ef74ea8b
                        • Opcode Fuzzy Hash: ff8014f2f002a5e9a8c28ad4502cacccbe47596149c614fde7b258d556518f82
                        • Instruction Fuzzy Hash: B4425E77A107250BE759FABB8C861AE1443EBC0308786963EED12FB5CACE3C494740C9

                        Control-flow Graph

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2047711389.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6a20000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'^q$4c^q$4c^q$4c^q$4|cq$Hbq$Hbq$Hbq$Hbq$$^q$$^q$$^q$$^q
                        • API String ID: 0-1803399471
                        • Opcode ID: ab3b9dc8abf3fc851ab844c51c528593ac2f4869df501d09fc03aab5485c19ea
                        • Instruction ID: 83e4fef53afe1fae256daefd70a75d39c9617edb5b9f6684b101cb2a7d8862fe
                        • Opcode Fuzzy Hash: ab3b9dc8abf3fc851ab844c51c528593ac2f4869df501d09fc03aab5485c19ea
                        • Instruction Fuzzy Hash: 2291A131B442228FCB99AB79C4542BEBBF2BF89700F188579D406EF281DB34D945DB90

                        Control-flow Graph

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: #9$#Ol^$3Ol^$COl^$SOl^$sE$K
                        • API String ID: 0-1979144119
                        • Opcode ID: 1f855ef9c5f7c7c889b9d2331d95f7623e5364f4e8a236e75c5556573af78178
                        • Instruction ID: a53e608c03088786badf7c1196bda3f561704393a219150129a84d373a772631
                        • Opcode Fuzzy Hash: 1f855ef9c5f7c7c889b9d2331d95f7623e5364f4e8a236e75c5556573af78178
                        • Instruction Fuzzy Hash: 49C28F74E012298FDB64DF28D998BADBBB2FB49304F1085E9E409A7354DB316E85CF50
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2047711389.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6a20000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: (_^q$(_^q$,bq$4c^q$4c^q$Hbq$Nv]q$$^q$$^q$c^q$c^q
                        • API String ID: 0-3459267885
                        • Opcode ID: a43259ab44dac33777ff2d39cf0c94595f5aa448886a1d736b588448e108a833
                        • Instruction ID: 5bfa4d75e979ae52dcf3c1aff3cc6c02c0f286fcb0ea8bb331e3d598f2d31762
                        • Opcode Fuzzy Hash: a43259ab44dac33777ff2d39cf0c94595f5aa448886a1d736b588448e108a833
                        • Instruction Fuzzy Hash: 3E825170F811298FCBA9EB7D455027D6AE37BCC700B6458AED006DB394EE35DC868B91

                        Control-flow Graph

                        APIs
                        • ImageList_AddMasked.COMCTL32(00000000,-0000000320D8429A,00FF00FF,?,-00000003BBBF0A32,?,?,?,B4F0866D), ref: 00404D5D
                        • DeleteObject.GDI32(-0000000320D8429A), ref: 00404D94
                        • GetWindowLongW.USER32(?,000000F0), ref: 00404ECF
                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EDD
                        • ShowWindow.USER32(?,00000005,?,00000016,?,?,00000015,?,?,-00000003BBBF0A32,?,?,?,-00000003BBBF0A32), ref: 00404EEE
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2032683672.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2032617947.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032741895.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032798926.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000603000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000605000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000613000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Setup_latest.jbxd
                        Similarity
                        • API ID: Window$Long$DeleteImageList_MaskedObjectShow
                        • String ID: M
                        • API String ID: 4117607468-3664761504
                        • Opcode ID: 5d0e5656b16e84a085cb43efe19cc86c55f09f125d5a82e074454088ea7d7358
                        • Instruction ID: 14879a6d9b375e7c04fe657e9e17e1f62e1467e2afca08e9bc744c8cfdea36b0
                        • Opcode Fuzzy Hash: 5d0e5656b16e84a085cb43efe19cc86c55f09f125d5a82e074454088ea7d7358
                        • Instruction Fuzzy Hash: CD8108B6900219AFDB15EFB6CC85AAE7A72FF80304F11413AF901B71D5CB394D52DA98

                        Control-flow Graph

                        APIs
                        • ImageList_AddMasked.COMCTL32(00000000,-0000000320D8429A,00FF00FF,?,-00000003BBBF0A32,?,?,?,B4F0866D), ref: 00404D5D
                        • DeleteObject.GDI32(-0000000320D8429A), ref: 00404D94
                        • GetWindowLongW.USER32(?,000000F0), ref: 00404ECF
                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EDD
                        • ShowWindow.USER32(?,00000005,?,00000016,?,?,00000015,?,?,-00000003BBBF0A32,?,?,?,-00000003BBBF0A32), ref: 00404EEE
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2032683672.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2032617947.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032741895.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032798926.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000603000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000605000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000613000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Setup_latest.jbxd
                        Similarity
                        • API ID: Window$Long$DeleteImageList_MaskedObjectShow
                        • String ID: M
                        • API String ID: 4117607468-3664761504
                        • Opcode ID: c5d892a8eb8390ade1165472926d1943eb77b7d240fabadb215821f2a10480af
                        • Instruction ID: 11e37c85d74ddffd07e261167b0604d3e403a00a80151a8b933415202747970e
                        • Opcode Fuzzy Hash: c5d892a8eb8390ade1165472926d1943eb77b7d240fabadb215821f2a10480af
                        • Instruction Fuzzy Hash: C271F7B1900219AFDB15EFA5DC85AAE7A72FF80304F11413AF601BB1D5CB394D52DB98

                        Control-flow Graph

                        APIs
                        • GetProcAddress.KERNEL32(00000000), ref: 004043E3
                        • VirtualAlloc.KERNEL32(-0000000141E576F6,0004FC0F,?,-00000003BBBF0A32,?,?,?,B4F0866D), ref: 004049E2
                        • ImageList_AddMasked.COMCTL32(00000000,-0000000320D8429A,00FF00FF,?,-00000003BBBF0A32,?,?,?,B4F0866D), ref: 00404D5D
                        • DeleteObject.GDI32(-0000000320D8429A), ref: 00404D94
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2032683672.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2032617947.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032741895.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032798926.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000603000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000605000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000613000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Setup_latest.jbxd
                        Similarity
                        • API ID: AddressAllocDeleteImageList_MaskedObjectProcVirtual
                        • String ID: !V
                        • API String ID: 1465237270-4266994466

                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq$(bq$(bq$0oAp$DqAp$LjAp
                        • API String ID: 0-3988487894

                        APIs
                        • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,022C0685,?,00000001,?,81EC8B55,000000FF), ref: 022C0B7D
                        • Thread32First.KERNEL32(00000000,0000001C), ref: 022C0BA9
                        • Wow64SuspendThread.KERNEL32(00000000), ref: 022C0BFC
                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 022C0C26
                        • Thread32Next.KERNEL32(00000000,0000001C), ref: 022C0C3E
                        Memory Dump Source
                        • Source File: 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_22c0000_Setup_latest.jbxd
                        Yara matches
                        Similarity
                        • API ID: Thread32$ChangeCloseCreateFindFirstNextNotificationSnapshotSuspendThreadToolhelp32Wow64
                        • String ID:
                        • API String ID: 3036766480-0
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2047711389.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6a20000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hbq$Hbq$Hbq$Hbq$Hbq
                        • API String ID: 0-1677660839
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: $^q$$^q$$^q$$^q
                        • API String ID: 0-2125118731
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: $^q$$^q$$^q$$^q
                        • API String ID: 0-2125118731
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2047711389.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6a20000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4|cq$$^q$$^q
                        • API String ID: 0-2405269640
                        APIs
                        • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 022C06D2
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_22c0000_Setup_latest.jbxd
                        Yara matches
                        Similarity
                        • API ID: CreateThread
                        • String ID: IOs'
                        • API String ID: 2422867632-495361288
                        APIs
                        • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 022C0ABB
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_22c0000_Setup_latest.jbxd
                        Yara matches
                        Similarity
                        • API ID: CreateThread
                        • String ID: ,
                        • API String ID: 2422867632-3772416878
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: .$1
                        • API String ID: 0-1839485796
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: LR^q$PH^q
                        • API String ID: 0-4173805542
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: $^q$$^q
                        • API String ID: 0-355816377
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2047711389.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6a20000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: 1$v
                        • API String ID: 0-2456183578
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2047711389.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6a20000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: 1$v
                        • API String ID: 0-2456183578
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: @B/
                        • API String ID: 0-3863299084
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: CE
                        • API String ID: 0-970145093
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        Strings
                        • mJmYmdhb2N8VGVtcGxlV2FsbGV0, xrefs: 05739006
                        Memory Dump Source
                        • Source File: 00000000.00000002.2042401129.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5730000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: mJmYmdhb2N8VGVtcGxlV2FsbGV0
                        • API String ID: 0-1464551529
                        Strings
                        • mJmYmdhb2N8VGVtcGxlV2FsbGV0, xrefs: 05739006
                        Memory Dump Source
                        • Source File: 00000000.00000002.2042401129.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5730000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: mJmYmdhb2N8VGVtcGxlV2FsbGV0
                        • API String ID: 0-1464551529
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: (_^q
                        • API String ID: 0-538443824
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: $^q
                        • API String ID: 0-388095546
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000000.00000002.2047711389.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6a20000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b002b5f36bfa32e2b90e45f6612b7c9ae830ba97c592d367282013d8150662ad
                        • Instruction ID: c91b5dbea0d0ee994baf0af8b4b0412e6fd55eb38f786ab63514358d1a3d6682
                        • Opcode Fuzzy Hash: b002b5f36bfa32e2b90e45f6612b7c9ae830ba97c592d367282013d8150662ad
                        • Instruction Fuzzy Hash: 02028F307402558FDB28AB799869B2E7AE7BF88340F14896CE446CB3D6DF74DC058B81
                        Memory Dump Source
                        • Source File: 00000000.00000002.2042401129.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5730000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f267e54eab32c6d020f9af1868557dc82e04fbd22e38d304214e37260b7b0e55
                        • Instruction ID: db9d099d64b846c83d5c65c085d857fec93d77b0e0f9aeadf1985246bd4cd0b5
                        • Opcode Fuzzy Hash: f267e54eab32c6d020f9af1868557dc82e04fbd22e38d304214e37260b7b0e55
                        • Instruction Fuzzy Hash: 6C220075904228DFDB65DF64C954BE9BBB2FF49300F0090E9E50AAB2A1DB359E84DF40
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b61cac881efc4a19a601d89ee76017b5b788fd9e108f6655e8e338f85c8011b1
                        • Instruction ID: 3cea27be22f07cb075194bfa2a33cba2b0be5e6db19544718e4a44349e470aab
                        • Opcode Fuzzy Hash: b61cac881efc4a19a601d89ee76017b5b788fd9e108f6655e8e338f85c8011b1
                        • Instruction Fuzzy Hash: 1F126070A00219CFDB65DF68C854B9DBBB2FF84300F148599D849AB295DB70ED86CF90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 03c9932b3fde657e2bd41122def7e3389fbf9c7d627cda643a916bcb77b80430
                        • Instruction ID: 97bf11f318df837d889d3f94ff0932a1059308d171a30cccd2ff7c802a41198c
                        • Opcode Fuzzy Hash: 03c9932b3fde657e2bd41122def7e3389fbf9c7d627cda643a916bcb77b80430
                        • Instruction Fuzzy Hash: AC229E71D01229CFDB65DF69C890BD9BBB2BF49304F1085EAD44AA7250EB30AE85CF40
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9d9939554a93fe7f87ffc8d9e7be81748bc6964c3bebc414a3475103c5da4e7e
                        • Instruction ID: b2d74cd1a5ff9751f539afe85e1cdc9483267c61270eb50f9b0396aeeb30362c
                        • Opcode Fuzzy Hash: 9d9939554a93fe7f87ffc8d9e7be81748bc6964c3bebc414a3475103c5da4e7e
                        • Instruction Fuzzy Hash: 712259B4E012288FDB64DF68C994BDDBBB2BB49300F1085EAD549AB350DB319E85DF50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3bd380ffbf867690f58d93557c0a6c01e2842763dd4cff4a83f17299a1e184ee
                        • Instruction ID: 15c128fa2c6a0033a721e7547733e9b8f100f612c172aa1a55cc80ca37578c77
                        • Opcode Fuzzy Hash: 3bd380ffbf867690f58d93557c0a6c01e2842763dd4cff4a83f17299a1e184ee
                        • Instruction Fuzzy Hash: 3EE16075E402189FDB14EBA4C891ABEBB77EF88300F908459D406BB394CE346C86DF65
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1912b8c9093fae28d557b1c3c6f57a82ce6c776dbadd439b028d4cae014e33bd
                        • Instruction ID: 431e531d7d713da17baf09b1c2179ad9f6f4f1eec98836ad4df43f6cfaa63a09
                        • Opcode Fuzzy Hash: 1912b8c9093fae28d557b1c3c6f57a82ce6c776dbadd439b028d4cae014e33bd
                        • Instruction Fuzzy Hash: 5CE15F75E402189FDB14EBA4C895ABEBB77EF88300F918459D406BB394CE306C86DF65
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d68e8871baed410ec6635ce35acdf340cd7a2bfa3f253dbcf4808b95872e22cc
                        • Instruction ID: 4a272fcf5499043b7e04ee79b589e3b4d993d87316534d4d67a725119db5e9b2
                        • Opcode Fuzzy Hash: d68e8871baed410ec6635ce35acdf340cd7a2bfa3f253dbcf4808b95872e22cc
                        • Instruction Fuzzy Hash: 7E02A174A01229CFDB64DF64C994B9DBBB2BF89300F1085E9D40AA7394DB31AE85CF51
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4c3b62cb03c6f4813e607804630aa4ec6b7c64b0eef10832e8651f56f46b845c
                        • Instruction ID: 5d779e369f0b422f887554e286163116c7e4b1209e2db375f6c1cd635a77830d
                        • Opcode Fuzzy Hash: 4c3b62cb03c6f4813e607804630aa4ec6b7c64b0eef10832e8651f56f46b845c
                        • Instruction Fuzzy Hash: 78D10A34A01209DFCB14DF69D984A6EBBF2FF88310B558469E8069B365DB35ED42CF60
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5e2059fc751c2d5805f5c1edf570cc472510f1e329ba3da81dffc200cf9f68f7
                        • Instruction ID: e2785c786298ea3993c0f670891a95f5b4fc90b3616a4898bd4c8b7fa9d6c1c1
                        • Opcode Fuzzy Hash: 5e2059fc751c2d5805f5c1edf570cc472510f1e329ba3da81dffc200cf9f68f7
                        • Instruction Fuzzy Hash: 28D17F75A006059FCB15CF79D988AAEBBF2FF88300B1585A9E405AB365DB30EC55CF90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 99fccf1269d807b6c4c704ae6216383f25f24970871a2f5b186d761bf3a99281
                        • Instruction ID: 12eedc6c7f5d5ff3a2f52949cb459fc36e66686b272e3fadcc5be73ad2ccab6f
                        • Opcode Fuzzy Hash: 99fccf1269d807b6c4c704ae6216383f25f24970871a2f5b186d761bf3a99281
                        • Instruction Fuzzy Hash: D6F1C270A00229CFDB28DF64C890B9EBBB2BF89304F1085E9D449AB355DB315E86DF51
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 92bdb6201132c64aad2863fd2a7fdb9b9da2785caac2ee24c17c949f85c831d4
                        • Instruction ID: 859e42b0f6ccc834ac7da5b2059d1b228c69a90f7cdb9d0e7972263d95a2d878
                        • Opcode Fuzzy Hash: 92bdb6201132c64aad2863fd2a7fdb9b9da2785caac2ee24c17c949f85c831d4
                        • Instruction Fuzzy Hash: B0C16F30A002069FEF24EB65D994F7AB7B7FB84310F40C978C5168B656DBB0EC498B90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7e859f3749fd0c94c1675b42969e2064e558c715c49f19c7975e6a0c548641cb
                        • Instruction ID: 4a20269377cc5c6608b823979931ecba961b557b349a8060f4a1bcfe5777ab97
                        • Opcode Fuzzy Hash: 7e859f3749fd0c94c1675b42969e2064e558c715c49f19c7975e6a0c548641cb
                        • Instruction Fuzzy Hash: 37E1E3B0E10229CFDB24CF65C880B9EBBB6BF89300F5091AAD44AB7250DB705E85CF50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2047711389.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6a20000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fb7e364872826f4e87b877c65834049d7eaad16609d2ffd45fa02a8df1ff55a6
                        • Instruction ID: 1607a8b0549e000560a0aba9d270fec22c418e5625743dd3908ebd2ded728ef2
                        • Opcode Fuzzy Hash: fb7e364872826f4e87b877c65834049d7eaad16609d2ffd45fa02a8df1ff55a6
                        • Instruction Fuzzy Hash: CDE1C574E01219CFDB54DFA9C484B9DFBB2BF48310F2482A9E409AB356DB34A985CF50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e5a9197b122190140740bbd194a0d4cd97694223070a7254425ed41f75920246
                        • Instruction ID: c755691d46446f10446a5d2d33c2eed66baab1b024ce2792ed0ac9d359730f5f
                        • Opcode Fuzzy Hash: e5a9197b122190140740bbd194a0d4cd97694223070a7254425ed41f75920246
                        • Instruction Fuzzy Hash: 5AD1D2B4E11219CFDB64DFA5C884B9DBBB6BF89304F5085AAD409AB350DB315D82CF14
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 74d509c5d8f9fb1876674c6d03468418b3267fdf36c58a86123330ef4047b1d8
                        • Instruction ID: 616c27f97c2b4a24957f1eeec8753a21e99e97ca83f3ac020d6c1b9752cbc862
                        • Opcode Fuzzy Hash: 74d509c5d8f9fb1876674c6d03468418b3267fdf36c58a86123330ef4047b1d8
                        • Instruction Fuzzy Hash: 55D1BF74E05219CFDB24CFA9C984B9DBBB2BF89304F1094A9D409AB355DB309E82CF10
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f6ceb040b0829191e78ec93315a5123518496fff02b8bd085b89553c8cdc367b
                        • Instruction ID: 5d77199f807588295e57c45dea1ba016c250b3b7bca146737071f81c434c0292
                        • Opcode Fuzzy Hash: f6ceb040b0829191e78ec93315a5123518496fff02b8bd085b89553c8cdc367b
                        • Instruction Fuzzy Hash: 3BB12B71E0020A9FDF10CFA9D9857EDBBF2BF88318F14C529D815A7294EB749945CB81
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3c9cfca3ef0a5c3519d15910eaccc48f45eceac6520cf76bb63e466b3031a5bc
                        • Instruction ID: e4f4361ad1fc9345ab438328ace1927a28f2e93a6fe715d1f9622e85b09dade5
                        • Opcode Fuzzy Hash: 3c9cfca3ef0a5c3519d15910eaccc48f45eceac6520cf76bb63e466b3031a5bc
                        • Instruction Fuzzy Hash: 8AC1E471D012298BDB68DF65C890BDEBBB2BF89304F1085EAD44ABB250DB705E85CF50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6d563876fd21e8bed6615b9baf20cf52c2632b882186419dc576b0511abe0d5b
                        • Instruction ID: a754e433b709beaffc4a0920c78adad9f31276bd685f82c2ea4a33d347cc76ea
                        • Opcode Fuzzy Hash: 6d563876fd21e8bed6615b9baf20cf52c2632b882186419dc576b0511abe0d5b
                        • Instruction Fuzzy Hash: 06917035A00209DFDB05EF75C884EAEBBB7FF89340B158469E9069B264DB35D802DB60
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 505f88215825bf491956ff6439ba2645fa8dcee5280973a472f40e3f2814a7ca
                        • Instruction ID: 651fc3767911f322dc80f3ab4f5ca097793c3b169c1980f4d1699a561cf063dd
                        • Opcode Fuzzy Hash: 505f88215825bf491956ff6439ba2645fa8dcee5280973a472f40e3f2814a7ca
                        • Instruction Fuzzy Hash: 9BB15AB1E0024A8FDF10CFA9D9857ADBFF2BB88318F14C929D415E7294EB749945CB81
                        Memory Dump Source
                        • Source File: 00000000.00000002.2042401129.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5730000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: abd0664d9cd164b781a58f1184edcc5b37cd44b25e762ab590f9d7d12b650021
                        • Instruction ID: 1c13d0cef746f3f7a40cc26f2bfa1ca5f13ba6d7e0ef3ec3a29c318b8afe6099
                        • Opcode Fuzzy Hash: abd0664d9cd164b781a58f1184edcc5b37cd44b25e762ab590f9d7d12b650021
                        • Instruction Fuzzy Hash: B4A18335E1031A9FCB00DFA4D8549DDFBBAFF99310F158215E41AAB2A2DB30AD45DB50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3aaecd699e7b877db19342fda339847c5740df688d8b961fbce75f6704d06f76
                        • Instruction ID: 0459e32079918fd9d16ffe0640fc95a6315dc3b79978931790ef1e0a723b16da
                        • Opcode Fuzzy Hash: 3aaecd699e7b877db19342fda339847c5740df688d8b961fbce75f6704d06f76
                        • Instruction Fuzzy Hash: 14A1F770E00228DFDB24DFA5D850BAEBBB2BF85300F1081A9D40A6B355DB315E86DF51
                        Memory Dump Source
                        • Source File: 00000000.00000002.2042401129.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5730000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f8e043f09b278484064d49b971494e99844f23d8b0a7e529ecca5ed831da5f77
                        • Instruction ID: 67baf778d2a8144c0955f67bf1ed2c74837913bd2a0831cdd1918b6818b0293b
                        • Opcode Fuzzy Hash: f8e043f09b278484064d49b971494e99844f23d8b0a7e529ecca5ed831da5f77
                        • Instruction Fuzzy Hash: 74918235E1031ADFCB04DFA0D8449DDFBBAFF99310B258215E41AAB2A5DB30A985DB50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 76e18f9eed33f28160b4b67129025f38288d56d061b42b528dd31a6ce77ecbf6
                        • Instruction ID: fb7b6949d6cbe1067df3e1690991d4260506852dbb4361bafb9d2a0b0805c837
                        • Opcode Fuzzy Hash: 76e18f9eed33f28160b4b67129025f38288d56d061b42b528dd31a6ce77ecbf6
                        • Instruction Fuzzy Hash: A8911674E01229DFDB24DFA9C984BADBBB2FF49304F1085A9E449AB351DB305A85CF41
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: af1efb23a1e9a71d07bd109e747f7d9ae4dc86af9c8240df9f4947e4e4e9b547
                        • Instruction ID: a1f136fb986eab6c08f528b61b4100649e7d9fb6d4e0e38da489dab0741ec086
                        • Opcode Fuzzy Hash: af1efb23a1e9a71d07bd109e747f7d9ae4dc86af9c8240df9f4947e4e4e9b547
                        • Instruction Fuzzy Hash: 5391A4B0E012298FDB68DF65C954B9EBBB6BF89300F5081EAC00AB7250DB315A85DF51

                        Control-flow Graph 294 (first block 65b0cf0-65b0d35)
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046420275.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_65b0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                        • API String ID: 0-2449488485
                        • Opcode ID: 8133abff6c8ee7e5877ccb9e73b311016c8a6720a0d0f9b6b035d805cc816dd3
                        • Instruction ID: 7866c8b2112517d607938c6329502fe17c5361be185eaa0125988c7b11818b9e
                        • Opcode Fuzzy Hash: 8133abff6c8ee7e5877ccb9e73b311016c8a6720a0d0f9b6b035d805cc816dd3
                        • Instruction Fuzzy Hash: 7822E230B046099FDB949F69C894ABEBBF6BF89310B149459E506CB3A6DF30DC41CB91

                        Control-flow Graph 2294 (block 406624-406644: GetSystemDirectoryW; block 40665e-406691: wsprintfW, LoadLibraryExW)
                        APIs
                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                        • wsprintfW.USER32 ref: 00406676
                        • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040668A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2032683672.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2032617947.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032741895.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032798926.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000603000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000605000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000613000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Setup_latest.jbxd
                        Similarity
                        • API ID: DirectoryLibraryLoadSystemwsprintf
                        • String ID: %s%S.dll$UXTHEME$\
                        • API String ID: 2200240437-1946221925
                        • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                        • Instruction ID: 9fa172bba6ca99a644905d2b6d7ed641771312ed853c50fe9922007c80c3d461
                        • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                        • Instruction Fuzzy Hash: 7CF0FC70501119A6CF10BB64DD0EF9B365CA700304F10447AA54AF10D1EBB9DB64CB99

                        Control-flow Graph 2777 (first block 65b14ec)
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046420275.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_65b0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                        • API String ID: 0-2392861976
                        • Opcode ID: dc47ea69ee94a55f706e5d7fcb15a1f0d9456e8db4868521cefca6a4fc895a62
                        • Instruction ID: eea421351b0ef7bdc4cad7fd3b80f1d87e5db525c5a3edc588a33666e8723c53
                        • Opcode Fuzzy Hash: dc47ea69ee94a55f706e5d7fcb15a1f0d9456e8db4868521cefca6a4fc895a62
                        • Instruction Fuzzy Hash: 98C1F534B446089FDBA49B68C8A4A6E7BE6FF85700F105469E5039F3A2CF71EC45CB91
                        APIs
                        • LoadLibraryA.KERNEL32(00000000,?,?), ref: 0230F53E
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_22c0000_Setup_latest.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: .dll
                        • API String ID: 1029625771-2738580789
                        • Opcode ID: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                        • Instruction ID: cb54bd0966781081b7bff575306d78cd07cc724829631fe8aa790233b224601d
                        • Opcode Fuzzy Hash: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                        • Instruction Fuzzy Hash: 8821D2726006858FDB32CFADD894B6E7BA4BF05328F19416DDD058BE81DB20E8458BA0
                        APIs
                        • GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                        • GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                          • Part of subcall function 00406624: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                          • Part of subcall function 00406624: wsprintfW.USER32 ref: 00406676
                          • Part of subcall function 00406624: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040668A
                        Memory Dump Source
                        • Source File: 00000000.00000002.2032683672.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2032617947.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032741895.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032798926.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000603000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000605000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.2032899560.0000000000613000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Setup_latest.jbxd
                        Similarity
                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                        • String ID:
                        • API String ID: 2547128583-0
                        • Opcode ID: 2c450699f5e5c6ed5e41876474a170b73f17b01a65d70064c3ee9ca103cb2d45
                        • Instruction ID: 155b38c425e345f43688a0673e138072f65e923c2ca09dacbbabb210d44f0fbf
                        • Opcode Fuzzy Hash: 2c450699f5e5c6ed5e41876474a170b73f17b01a65d70064c3ee9ca103cb2d45
                        • Instruction Fuzzy Hash: 50E0863250461156D31197709E4487762EC9B95750307483EF946F2091DB399C36A66D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq$(bq
                        • API String ID: 0-4224401849
                        • Opcode ID: f3b0c490d3381acc7fd73260da7802cc87b002d66974959fc89a8e203173c276
                        • Instruction ID: cdbd8afe96948752618bdac8b11a75f4c039019ce1cbd1003096ec9e51de2f4b
                        • Opcode Fuzzy Hash: f3b0c490d3381acc7fd73260da7802cc87b002d66974959fc89a8e203173c276
                        • Instruction Fuzzy Hash: ABA1BE34B042559FCB14DB78D894A2EBFF6FF89300B5485A9E406DB392DE30DD059B91
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: (_^q$4'^q
                        • API String ID: 0-2508332758
                        • Opcode ID: d3c3e693623db949dd3ff3922856445bc7fdbe33f3685b9f20f1ccd2851a5700
                        • Instruction ID: 33bba6175fd4fc3ba0e0784ae7371d85858f145452dc2bcf0c37a2ff4f2e7a89
                        • Opcode Fuzzy Hash: d3c3e693623db949dd3ff3922856445bc7fdbe33f3685b9f20f1ccd2851a5700
                        • Instruction Fuzzy Hash: 87B17031A102149FCB14EFB9D459AADBFF6FF88300F558469E806AB391DF34A946CB50
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq$(bq
                        • API String ID: 0-4224401849
                        • Opcode ID: 40aa27a6814412638c9c3e343013e847d9a51f0fc105bef90cb1b7cb4947eb0d
                        • Instruction ID: 31d2f140f72288232a8f5e795321e33aab315268a70d07459bab2dcb0d317fc9
                        • Opcode Fuzzy Hash: 40aa27a6814412638c9c3e343013e847d9a51f0fc105bef90cb1b7cb4947eb0d
                        • Instruction Fuzzy Hash: B1A15C34B402148FCB24EB79D498A6E7AF7EFC9300F6484A9E806DB395DE35DC059B51
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq$(bq
                        • API String ID: 0-4224401849
                        • Opcode ID: dd7991fd46a49695cd794435c4bce5bd7eb5e87df1c57e6e17c5fdcd6080d653
                        • Instruction ID: 92d78cf21c6d4c3c858145b5b613ae6a2f5621507bef51ae07589d280ef36660
                        • Opcode Fuzzy Hash: dd7991fd46a49695cd794435c4bce5bd7eb5e87df1c57e6e17c5fdcd6080d653
                        • Instruction Fuzzy Hash: F5815A34B002158FCB14DF68C498A3E7BF6FF89640B1984A9E806DB3A5DE34DC01DBA1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq$(bq
                        • API String ID: 0-4224401849
                        • Opcode ID: 0f7f9122323951ee466f37afa51bad6aaa685c863010034505083892fecda748
                        • Instruction ID: 0ffcc964925792d03a3b0a4fc9746af61ddec2208af8f5ee038c9a357e4ea6cf
                        • Opcode Fuzzy Hash: 0f7f9122323951ee466f37afa51bad6aaa685c863010034505083892fecda748
                        • Instruction Fuzzy Hash: 4071B030B042558FCB15EB78846462EBFF2FF86300B6589AAD846DB382DF349D458B91
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: xbq$xbq
                        • API String ID: 0-4275011135
                        • Opcode ID: 1be112dff06544e39a4ba199a60d7cb7334ed7e915aa68df1311a40ba4bd2318
                        • Instruction ID: b605d91eef84bacbdfd2cb29e46b034105245e6578ffb16ec40ac2ee7c9f4681
                        • Opcode Fuzzy Hash: 1be112dff06544e39a4ba199a60d7cb7334ed7e915aa68df1311a40ba4bd2318
                        • Instruction Fuzzy Hash: 2171AA70A006058FCB15DF78C544AAABBF2FF89304B54C9ADD446AB364DB31E806CF90
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq$(bq
                        • API String ID: 0-4224401849
                        • Opcode ID: f6480cd6c2a3ddc06dcaeb980c71d6bf7d3c4d045c99ba5c2192a42a1fdfa9bd
                        • Instruction ID: d642a0f66bcba17c0df86631701e46a887aa89a9eb79d0496e275dbc9158e7ef
                        • Opcode Fuzzy Hash: f6480cd6c2a3ddc06dcaeb980c71d6bf7d3c4d045c99ba5c2192a42a1fdfa9bd
                        • Instruction Fuzzy Hash: B041C231B043445FD7259B789859B2E3FF6AB86201F6485BDE446CB3C2EE31CC069791
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'^q$4'^q
                        • API String ID: 0-2697143702
                        • Opcode ID: 7fe8fe623098dd5d0593b11af33cd8f0e71195b6174b4b75f2611be550048ec9
                        • Instruction ID: f71bd3a1eab535c77aafcaabb7de09f9e6eca27fa29d8d089244b76067afc94a
                        • Opcode Fuzzy Hash: 7fe8fe623098dd5d0593b11af33cd8f0e71195b6174b4b75f2611be550048ec9
                        • Instruction Fuzzy Hash: 4C117F30B0031A9FCB14EB29D880A6EF7B2FF84200B104A29E0465B755EB71FC4D8B91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 81c37277ba0a8bb1cb60be793be8c1b2ba97405b2464539aa4894c7942719da9
                        • Instruction ID: 2b7de6f511681c034e7370e517b6e9fb177032d4cda2992db5c4a7a15498acc3
                        • Opcode Fuzzy Hash: 81c37277ba0a8bb1cb60be793be8c1b2ba97405b2464539aa4894c7942719da9
                        • Instruction Fuzzy Hash: CD232276902604DFCF65AFA1CA28A59B732FF8A345B20846BDD0267764CF7A8D41DF00
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7a1dce460c2f1abd20178180b2135a472ed4a32267be2057d8433e0043735ac3
                        • Instruction ID: 36b7fdb7452b8c6a6e3f04943b02208ee2ce746a135fe718e7d02b4df65126fb
                        • Opcode Fuzzy Hash: 7a1dce460c2f1abd20178180b2135a472ed4a32267be2057d8433e0043735ac3
                        • Instruction Fuzzy Hash: BC231176902604DFCF65AFA1CA28A59B732FF8A345B20846BDD1267764CF7A8D41DF00
                        APIs
                        • SafeArrayCreate.OLEAUT32(00000011,00000001,?), ref: 0230E080
                        Memory Dump Source
                        • Source File: 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_22c0000_Setup_latest.jbxd
                        Yara matches
                        Similarity
                        • API ID: ArrayCreateSafe
                        • String ID:
                        • API String ID: 37945469-0
                        • Opcode ID: 3a71c02433a8139c968cc3f30c4dd14e73a6b67554079fc4c70d085402dfb9e4
                        • Instruction ID: 4a1474f9b67745a6f7bd5c7b8ea293591765b30a0ece43cc4feaeaa006848d31
                        • Opcode Fuzzy Hash: 3a71c02433a8139c968cc3f30c4dd14e73a6b67554079fc4c70d085402dfb9e4
                        • Instruction Fuzzy Hash: 63614971200206AFD724DF65C894FABB7E8FF49715F048A69E949CB185EB30E905CFA1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: (bq
                        • API String ID: 0-149360118
                        • Opcode ID: e19b50792f18c319ae6b1c722656b392db69b8a090f6d623a0e38c4a407c662b
                        • Instruction ID: 467ad0d2e101b91a34cc6c500de2909f681dc1a389c4037fa0204940a66d6129
                        • Opcode Fuzzy Hash: e19b50792f18c319ae6b1c722656b392db69b8a090f6d623a0e38c4a407c662b
                        • Instruction Fuzzy Hash: 87F13A34A002099FDB14DF69D494EAEBBF6BF88310F158469E8169B352DB74EC45CFA0
                        APIs
                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05731F62
                        Memory Dump Source
                        • Source File: 00000000.00000002.2042401129.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5730000_Setup_latest.jbxd
                        Similarity
                        • API ID: CreateWindow
                        • String ID:
                        • API String ID: 716092398-0
                        • Opcode ID: 8664b8a560ffd4c6938b142f6445c9906cb88244a235b3a11ed90750438d6219
                        • Instruction ID: ddb1de3f988f3db2fc3a3bfcc651c3444f4e21df6889a74c1e7d27ff7e8068c2
                        • Opcode Fuzzy Hash: 8664b8a560ffd4c6938b142f6445c9906cb88244a235b3a11ed90750438d6219
                        • Instruction Fuzzy Hash: D6510FB1C00349AFCF01CFA9C984ACEBFB6BF49310F64816AE918AB221D7719855DF50
                        APIs
                        • KiUserExceptionDispatcher.NTDLL ref: 05CA7310
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046045709.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ca0000_Setup_latest.jbxd
                        Similarity
                        • API ID: DispatcherExceptionUser
                        • String ID:
                        • API String ID: 6842923-0
                        • Opcode ID: cbe3c81d31bc27fe479abd325b841835a927f5fc7963a29ab7ded7abec0d8e47
                        • Instruction ID: 23090b230ea4d35ba97eaec80e5b3ebae727046ceaaae6ef5f30720039ab4a12
                        • Opcode Fuzzy Hash: cbe3c81d31bc27fe479abd325b841835a927f5fc7963a29ab7ded7abec0d8e47
                        • Instruction Fuzzy Hash: 8451F175E05208CFDB08DFA5E594AADBBF2FB89304F10942AE41AAB354EB345946CF40
                        APIs
                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05731F62
                        Memory Dump Source
                        • Source File: 00000000.00000002.2042401129.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5730000_Setup_latest.jbxd
                        Similarity
                        • API ID: CreateWindow
                        • String ID:
                        • API String ID: 716092398-0
                        • Opcode ID: 06d5cb5761d66ca2b40bfde2962af7a1dbb9f00114b966b530b7047b9ec3095f
                        • Instruction ID: d3892372db05c55356012fecd29d72618fbcabcc6355bc0f252544830492b517
                        • Opcode Fuzzy Hash: 06d5cb5761d66ca2b40bfde2962af7a1dbb9f00114b966b530b7047b9ec3095f
                        • Instruction Fuzzy Hash: A241C0B1D00309DFDB14CFA9C984ADEBBB5BF48310F64812AE819AB210D7759845CF90
                        APIs
                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 057344E1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2042401129.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5730000_Setup_latest.jbxd
                        Similarity
                        • API ID: CallProcWindow
                        • String ID:
                        • API String ID: 2714655100-0
                        • Opcode ID: 8d646cd4cea0ca0ef5f97969264567a6b456bce9e456d0d5c04ca195eb7047ad
                        • Instruction ID: 1a682348e26cdaf3bf17eefd863b25b25f2ebf59697d65cbd03294d0c0681d19
                        • Opcode Fuzzy Hash: 8d646cd4cea0ca0ef5f97969264567a6b456bce9e456d0d5c04ca195eb7047ad
                        • Instruction Fuzzy Hash: 494129B5900309DFCB14CF99C489AAABBF6FF89324F24C459D519AB321D774A841DFA0
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: (_^q
                        • API String ID: 0-538443824
                        • Opcode ID: cbcaec7a2767ff16d18a8102e2a2c4910d23a36e1f1d47e06812edec69b4404b
                        • Instruction ID: 17d17c863e3f885060837713fceb6e05dd80b42f6b42707040d747e03aeed4e8
                        • Opcode Fuzzy Hash: cbcaec7a2767ff16d18a8102e2a2c4910d23a36e1f1d47e06812edec69b4404b
                        • Instruction Fuzzy Hash: 51C19331A146098FCB25DFB8D544A9EBBF1FF89300F14856AD446AB790EB30E945CF90
                        APIs
                        • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0230E178
                        Memory Dump Source
                        • Source File: 00000000.00000002.2033920345.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_22c0000_Setup_latest.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                        • Instruction ID: adb7985cf037ef56c48a88052df77bec149ea82f926192bd8f572159c57bdb70
                        • Opcode Fuzzy Hash: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                        • Instruction Fuzzy Hash: 11B1D372700606ABDB35AEA0CCE0BA7B7E9FF09314F140929E999825D1DB31E551CFB1
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 072E9CFD
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 7acc18150a8eae1ffd552e7652977b59d7d9b5e7b407c701d28b47b4358f0607
                        • Instruction ID: 6a06b35540653db184ba9bc26130e6552e370f68d17c461e2f12433c1acfaef1
                        • Opcode Fuzzy Hash: 7acc18150a8eae1ffd552e7652977b59d7d9b5e7b407c701d28b47b4358f0607
                        • Instruction Fuzzy Hash: 0A116AB5810349CFCB10DF99D584BDEBFF8EB59310F14845AD594A7211C374A594CFA1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046420275.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_65b0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: QlPj
                        • API String ID: 0-82071693
                        • Opcode ID: 1dcaabe2a81e1f9995964df4f676f342832de481f2f43cb93cedaa7d003d7352
                        • Instruction ID: 0f5faf8f2b3d7fb7cabb5fcfcab101903f9a947189040ad5628e7e78f7109fbb
                        • Opcode Fuzzy Hash: 1dcaabe2a81e1f9995964df4f676f342832de481f2f43cb93cedaa7d003d7352
                        • Instruction Fuzzy Hash: 4EB18030B50218DFDB449B64C899B7A7AE6BF89700F50A059E6029B3E1CFB6DC45CF91
                        APIs
                        • LoadLibraryW.KERNEL32(00000000), ref: 06A23C3E
                        Memory Dump Source
                        • Source File: 00000000.00000002.2047711389.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6a20000_Setup_latest.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: f26c29eac59c451cb789d847b3a086e845605f679f0c8bd7a96d548475541470
                        • Instruction ID: 08e98973f50acebe596a346d8d04032fd8c1086b987962e55908e3bdbd1e413e
                        • Opcode Fuzzy Hash: f26c29eac59c451cb789d847b3a086e845605f679f0c8bd7a96d548475541470
                        • Instruction Fuzzy Hash: FA1134B5D003698FCB10DF9AD944ACEFBF4AF88324F10841AD419A7210C379A545CFA1
                        APIs
                        • LoadLibraryW.KERNEL32(00000000), ref: 06A23C3E
                        Memory Dump Source
                        • Source File: 00000000.00000002.2047711389.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6a20000_Setup_latest.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 9c49689997406de28df8c7dec7ca130b580be7a20118230ee2bbe455bcd46b30
                        • Instruction ID: 9cbfb2942495b9424e43bda03da40dbacb482f7a03157e42fbfd6160a3b3d6c8
                        • Opcode Fuzzy Hash: 9c49689997406de28df8c7dec7ca130b580be7a20118230ee2bbe455bcd46b30
                        • Instruction Fuzzy Hash: 421132B1D003698FCB10DF9AD944ACEFBF4AF88324F10842AD819A7210C379A545CFA0
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 072E9CFD
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 84a66e5cff229daec827713825a81c35134d6fadcc200b01d72e5a0cf3c2f4ef
                        • Instruction ID: 64789060b8c4a1b94b2299117144236dae0f7246c538c8b2918aa685a47eeb8e
                        • Opcode Fuzzy Hash: 84a66e5cff229daec827713825a81c35134d6fadcc200b01d72e5a0cf3c2f4ef
                        • Instruction Fuzzy Hash: 3B1106B5810359DFCB10DF9AD584BDEFBF8EB48310F10841AE955A7200C375A984CFA5
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 072E9CFD
                        Memory Dump Source
                        • Source File: 00000000.00000002.2048851521.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_72e0000_Setup_latest.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: d2b1cfd7c55b58d5f775a7b1c5df4af7459c415b9436b9e00d2676625b2ac03d
                        • Instruction ID: 48e5a673e1d4085953b0b2d0dfc7492d74fc8f6a8ad8aeac1f0ed62003cbe9f4
                        • Opcode Fuzzy Hash: d2b1cfd7c55b58d5f775a7b1c5df4af7459c415b9436b9e00d2676625b2ac03d
                        • Instruction Fuzzy Hash: B31106B5800359DFCB10DF9AD984BDEFBF8EB48320F10841AD954A7240C375A984CFA5
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'^q
                        • API String ID: 0-1614139903
                        • Opcode ID: 0a35a546943c76c5c5432d7234609e5e3b56e141e6830d2fdab1e3e3740287ac
                        • Instruction ID: f6c8e8597069a50d50102cd6be0466ecc4eacb157dc7f67280448d055da906a1
                        • Opcode Fuzzy Hash: 0a35a546943c76c5c5432d7234609e5e3b56e141e6830d2fdab1e3e3740287ac
                        • Instruction Fuzzy Hash: BEC18D306003059FCB15DF68C494A6AFBF2FF84304F148AA9D85A9B356DB71ED4ACB90
                        Strings
                        Memory Dump Source
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 41bfcc4388a7696e38aae1a5f49825d0e3ec36d5d656b74de753d2d379542275
                        • Instruction ID: ea6cd8cde6b551161bf655d3f0f81d2c57e2793acc0e0d408c6f9b576cb97d25
                        • Opcode Fuzzy Hash: 41bfcc4388a7696e38aae1a5f49825d0e3ec36d5d656b74de753d2d379542275
                        • Instruction Fuzzy Hash: ADD16030A002059FDB14EF64D994AAEBBF6FF88310F14C968D4169B795DB70EC49CB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bcc332a2ff087de82971aa714543215a7f61a05ee797e2b9c324feab348d25da
                        • Instruction ID: 231d6a87293c3dc6673af06f9ad136cfc2bc626e890326746ad1ab6c4ad253c1
                        • Opcode Fuzzy Hash: bcc332a2ff087de82971aa714543215a7f61a05ee797e2b9c324feab348d25da
                        • Instruction Fuzzy Hash: D9D1F870A002059FDF14EF64D994AADFBB6FF84300F548569D4169B3A5DB70EC8ACB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 90289f67cfcf0f7a940d66a97ef29a3db4951b9b43aba32cea80f5c119914a79
                        • Instruction ID: 6e95cf357d9f8d52c28a7a5aa551cb77a04a43dd2b5fbaec3d80961a4c48cf16
                        • Opcode Fuzzy Hash: 90289f67cfcf0f7a940d66a97ef29a3db4951b9b43aba32cea80f5c119914a79
                        • Instruction Fuzzy Hash: F6C13A35B002059FDB14DF69D9449AEBBF2FF88240B158569E806EB355EB30EC46DF90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046420275.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_65b0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9f1d0482abda9daf7f4afb33765c0093ef47b4dca68c6757418b68012bc61f25
                        • Instruction ID: 27381bf0082d426000839b68f3b54c1b0651990041f8eaf401c1a44da0cd9a62
                        • Opcode Fuzzy Hash: 9f1d0482abda9daf7f4afb33765c0093ef47b4dca68c6757418b68012bc61f25
                        • Instruction Fuzzy Hash: 97B19130B50218DFEB449B64C895B6A7AE6FF89700F50A059E6029B3E1CFB5EC45CF91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f6b1953f50f2bd910b2553f4c53419a033ac80f631ad3d6cf62b1945afb8fc72
                        • Instruction ID: effec95cc84cc5a619d95ba848ff972c4ca6c0a6da3f3f4879f667f5107a37ef
                        • Opcode Fuzzy Hash: f6b1953f50f2bd910b2553f4c53419a033ac80f631ad3d6cf62b1945afb8fc72
                        • Instruction Fuzzy Hash: 70C17FB1A8C505EFE728EA9CE6809767BF6AB443807494195F0628F768D730FD40AFD1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 71e34e37b053ff4768095f7ebd44daad1f8d83b08a61a921261bcd880c1f005a
                        • Instruction ID: 6ead1425396c412faad77035838c1c6e5ec47cccbe72640b355b442facba582c
                        • Opcode Fuzzy Hash: 71e34e37b053ff4768095f7ebd44daad1f8d83b08a61a921261bcd880c1f005a
                        • Instruction Fuzzy Hash: E6D1E834A00219CFDB29DF64D855BADBBB2FB88301F1084A9E91AA7354DF319D82DF50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c2edc4654c577ddb04a9226796b8a6958a6a26179903156f2cddb6e796c3023a
                        • Instruction ID: b07c1d1b48443d292da2dae91e5e89dffcee6d1ce4b73c6b4b7813a6d57d1bba
                        • Opcode Fuzzy Hash: c2edc4654c577ddb04a9226796b8a6958a6a26179903156f2cddb6e796c3023a
                        • Instruction Fuzzy Hash: 8DA13C357002159FCB14EF78C899A6EBBB6FF89200F1584A9E906CB3A1DB31DD41CB61
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e4aa194d4637f99ba7297f7c9566a438080b94cff97b4284b4877f6c50b06c95
                        • Instruction ID: da2294c3e6d8832f06e32664a7039eb4946d9672bfcd18784966b6035bc92aea
                        • Opcode Fuzzy Hash: e4aa194d4637f99ba7297f7c9566a438080b94cff97b4284b4877f6c50b06c95
                        • Instruction Fuzzy Hash: 18C13C3191071ACFDB11DF78C854AA9BBB1FF49300F158699E9896B261EB30E9C5CF80
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f7be5c033d4a476e9177cf35da8347b3b0da9a6da974fbc2549192c9c7ab825b
                        • Instruction ID: 48fe0e7060193241259a5dd5130cfb31aeeae6d7402bea0460062d1f2cdf0102
                        • Opcode Fuzzy Hash: f7be5c033d4a476e9177cf35da8347b3b0da9a6da974fbc2549192c9c7ab825b
                        • Instruction Fuzzy Hash: 8391BE30B042189FDB14EBB89454AAEBFF6FF85300F5485A9D44AEB385EE349D45CB81
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 98fc18a1d89059484d6b89d78426e00635f6f1291813381d7eb0df3d8957c521
                        • Instruction ID: ee9a664394049352d7bde5abe733de398933bcbd3cd72e990608de82b893bea7
                        • Opcode Fuzzy Hash: 98fc18a1d89059484d6b89d78426e00635f6f1291813381d7eb0df3d8957c521
                        • Instruction Fuzzy Hash: ADC11A3191471ACFDB21DF78C854AA9BBB1FF49300F158699E9496B261EB30E9C5CF80
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f2d8fc6c3d209c22f52b1dc8b2ed672efc33738f15ed5d08b749e5b3200be178
                        • Instruction ID: 7c727964785bf5c534e26b6e8d8150b6bdd489f4c335fefaf0d6ba2b77a098d7
                        • Opcode Fuzzy Hash: f2d8fc6c3d209c22f52b1dc8b2ed672efc33738f15ed5d08b749e5b3200be178
                        • Instruction Fuzzy Hash: 29A1D135A006499FCB14CF68D488E99BBF2FF89320F158595E9059B3A2DB30EC85DF50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5f7a401a192badb195cf99f1798b65582f44f98f225fee4a303919a9538c2c55
                        • Instruction ID: 9ee8a0adcf97f93f33e35a33984f89fb4b96ca0adcd5d935327f47c684ed0855
                        • Opcode Fuzzy Hash: 5f7a401a192badb195cf99f1798b65582f44f98f225fee4a303919a9538c2c55
                        • Instruction Fuzzy Hash: 61913975B002158FCB54DF68D885AAE7BF6FF88310B1485A9E95ADB352DB30EC05CB50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: debeeb6ea6430aca3770a05a9e5859d25a91e6520d057adb752a3027145ae3ce
                        • Instruction ID: 3c1fc441f2dbe753fc5c0e13cd12adf76705f627f24c3e12a890fad452942d75
                        • Opcode Fuzzy Hash: debeeb6ea6430aca3770a05a9e5859d25a91e6520d057adb752a3027145ae3ce
                        • Instruction Fuzzy Hash: 7B817F71B002199FCB14EF78C854AAF7FF6EF89300B118569E909EB351EF30A9558B91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 86a84dfd613b964c20aeaa7287a4b2cbe52b1ca289eb5be3c1aca87514512e3b
                        • Instruction ID: 5be8f1d2b7341e19e8c43daf7f78b2ab7f80d821091dee337c858998a1a9e131
                        • Opcode Fuzzy Hash: 86a84dfd613b964c20aeaa7287a4b2cbe52b1ca289eb5be3c1aca87514512e3b
                        • Instruction Fuzzy Hash: 51914734A002059FCB14DFA5D898A6EBFF2FF89301B148969E95697392DB30EC45CF90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e8c392bdf3a6d3d99c6bcf1970e630f91c437a092753f15c8ee12a93b516727a
                        • Instruction ID: 2ca4549572ec7c1fe8c1f53a42ba76da2eb34c4b85e3e437729397a9ee28c2fb
                        • Opcode Fuzzy Hash: e8c392bdf3a6d3d99c6bcf1970e630f91c437a092753f15c8ee12a93b516727a
                        • Instruction Fuzzy Hash: 757157343006159FCB15DF69D888A6EBBE6FF89A1071580AAE506CB371DB31EC51DB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6eac966cfa8614ea2394d76d4e36c305c901d0e3abd309c818fd5f048b58f59f
                        • Instruction ID: cc71b3621f34e45c525b45196a94071d8c9c270cf89d044f2380477ef1b75c46
                        • Opcode Fuzzy Hash: 6eac966cfa8614ea2394d76d4e36c305c901d0e3abd309c818fd5f048b58f59f
                        • Instruction Fuzzy Hash: C551D732B085108BE755D768E494EBABBFAEBC5350714847AD806CB356DAB2EC42C7D0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 020e338a5261689731f6a633bd1b1a164714f6bed4a0a6899817c289c15c7d64
                        • Instruction ID: 6c2e366aab6194295686a7c50e151aa1c217539fd3b6f1ea2a5ca55a893b29d6
                        • Opcode Fuzzy Hash: 020e338a5261689731f6a633bd1b1a164714f6bed4a0a6899817c289c15c7d64
                        • Instruction Fuzzy Hash: 5D81FB74A00209DFCB14DF65D599EADBBB2FF48310B158569E81697361DB30EC46CF90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6929fe934c37acbc5d293cb0362e7fbe1caca2c97dfc7133401d0a6128c43c51
                        • Instruction ID: acdec667b02219586bce4bed0562c40717aeea6bc428095e5c65b0ef21a7edb2
                        • Opcode Fuzzy Hash: 6929fe934c37acbc5d293cb0362e7fbe1caca2c97dfc7133401d0a6128c43c51
                        • Instruction Fuzzy Hash: 7171B631A106099FCB15DF68D845BAEBBB6FF89300F10C569F546AB250EF70B985CB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 96513ffa0623be90f206bbdafcd4e2b6bf5d3c9988a42b5c38e3761793abb45a
                        • Instruction ID: 049eb0b462fe6fcf2ad3d2b56a19f73bb1068fabfb5a8d242061417ed7453375
                        • Opcode Fuzzy Hash: 96513ffa0623be90f206bbdafcd4e2b6bf5d3c9988a42b5c38e3761793abb45a
                        • Instruction Fuzzy Hash: FD51A131B042558FCB15DB7D8498A6E7FF6AF8925071884BDE84ACB385EE34CC05CB91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 034af954f2ee60fa2ead239fffe5872085f377241940b65248b6f0df042efbbb
                        • Instruction ID: 89c1898d9ecfe5d2cb47d394605a01a87d7afe1ea2bce2399fdac7a5318d5c3c
                        • Opcode Fuzzy Hash: 034af954f2ee60fa2ead239fffe5872085f377241940b65248b6f0df042efbbb
                        • Instruction Fuzzy Hash: 16515C35B007049FCB25DF79D88496EBBF2BF882107148A6DE54AC7761DA30EC46DB50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4cfaae84e88a3b093b6a80ad8cbf0dbd19d69d2fae9e523d465946ecc8a26862
                        • Instruction ID: 91ffa3e6cbb1231eb1a6d88db46d7e34f76abc6a405fe4b37c17ea5bf9b9e1aa
                        • Opcode Fuzzy Hash: 4cfaae84e88a3b093b6a80ad8cbf0dbd19d69d2fae9e523d465946ecc8a26862
                        • Instruction Fuzzy Hash: 886104757402148FC718EF78C498A2ABBF6FF89210B1545A9E50ACB3B2DB35EC46CB51
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9faf4f4d354b40d9b295a86fc7af0353c5205e707174bf293dde117e253434ea
                        • Instruction ID: 971494899d20126563610a3a0fe891d8ed6737d35194e1b8b309618ef3f1c375
                        • Opcode Fuzzy Hash: 9faf4f4d354b40d9b295a86fc7af0353c5205e707174bf293dde117e253434ea
                        • Instruction Fuzzy Hash: C6615D746006059FCB25DF68D588AADBBF2FF49304F1085A9E806AB364DB31ED4ACF50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 60ec0e259f644d920faedf69d3b94e1c636dcc79b6cad805005c9fb3a0d0fd0e
                        • Instruction ID: c320a6ebe4dcc30f48646666812146bab1c314ea4716d1bed8c432356d45ca75
                        • Opcode Fuzzy Hash: 60ec0e259f644d920faedf69d3b94e1c636dcc79b6cad805005c9fb3a0d0fd0e
                        • Instruction Fuzzy Hash: EF513C34B002548FDB55EB69C498AADBFF6BF89350F1884A8E806DB391DE35DC41DB60
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 849d68d8fc8f66fdbcff4f6f006c40012aef909c5fd852b943599f60466ba875
                        • Instruction ID: 4772c21f9464744c642fc23ae7fbbbc3ac7f7d33e5699cad169b4436048d08bc
                        • Opcode Fuzzy Hash: 849d68d8fc8f66fdbcff4f6f006c40012aef909c5fd852b943599f60466ba875
                        • Instruction Fuzzy Hash: CC519B357006058FCB24DB78D894A6ABBFAEF883507148478E95AD7394EF31EC02C790
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1912b5aaa81644a7e41dfa7a13db93db6631905f3e602c210e143dae79ea29ee
                        • Instruction ID: 1a9bd0359adeee47cd3556abd779a3f6a46bda0c93f9c2a850af8ac1dad9de3d
                        • Opcode Fuzzy Hash: 1912b5aaa81644a7e41dfa7a13db93db6631905f3e602c210e143dae79ea29ee
                        • Instruction Fuzzy Hash: D7711974A00209DFCB25DF65D588AADBBB2FF48315F0545A8E906AB361DB30EC85DF50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f1f62192f1506cf70803c9aa883ba5aa07e7695a342d4520a2517c96b460ce0d
                        • Instruction ID: cafe17a4db39026e0de1ef1ad7f9e1f3a52fed507f511184c194eb2aca6ee3e1
                        • Opcode Fuzzy Hash: f1f62192f1506cf70803c9aa883ba5aa07e7695a342d4520a2517c96b460ce0d
                        • Instruction Fuzzy Hash: C4516A34B002149FCB14EB79D954A6EBBF6EF88310B1485AEE40AD73A1DE31DC02CB91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5c33144085a7bdfebdb1ab295f80fd842c4555c2aa856f1e56623f72d6188679
                        • Instruction ID: 7d158e828ffe276267757a81544acbb68dca516c644632c9a206ff3d62312212
                        • Opcode Fuzzy Hash: 5c33144085a7bdfebdb1ab295f80fd842c4555c2aa856f1e56623f72d6188679
                        • Instruction Fuzzy Hash: 8851F475A10649DFCB25CF58D488A9DBBF2FF88320F1585A5E4059B3A1D730E885DF40
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b25680805903956705dd968783c45c7f135854f642950236c0d9936016b42c12
                        • Instruction ID: 86417ed2b90656b44b631d0ffa43c574ace1917b9ea24c0dbcbb592ab6b4149b
                        • Opcode Fuzzy Hash: b25680805903956705dd968783c45c7f135854f642950236c0d9936016b42c12
                        • Instruction Fuzzy Hash: 5A519B35B102498FCB15AF78941926EBFB7FBD9300B20856AE54AC7380EF3499069B55
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d6c6812b783699b6651d9128637ba76094535897c30139ce3b9766cbf726b48a
                        • Instruction ID: a650969611506e0601b771e7d8cf6913d4cdd6f788074aef868082f690460626
                        • Opcode Fuzzy Hash: d6c6812b783699b6651d9128637ba76094535897c30139ce3b9766cbf726b48a
                        • Instruction Fuzzy Hash: 5151F934E11219EFCB14DFA4E995EADFBB2BF88300F148429E812A7260DB359941CB60
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 16566ca8406326c8c33cf3f8ebf996aad935fb0fb1db6e12db533433df25b46f
                        • Instruction ID: b1e96e3e43927cca76833d1573a029678b599a7be6da3a38e1d5ff6d16f2d7ee
                        • Opcode Fuzzy Hash: 16566ca8406326c8c33cf3f8ebf996aad935fb0fb1db6e12db533433df25b46f
                        • Instruction Fuzzy Hash: F451E338A41109EFCB18DF68D58889DBBF2FF89314B258199E9159B365CB31EC42CF50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f9583efd60f86a921a01b8e6cda4df62864e55af1a97b400f36645eab2150f37
                        • Instruction Fuzzy Hash: 7D219D72A106089FC761DF68C484E9BBBF8FF45314F4145AEE086DB651EA30F989DB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0ac02774494e944f42c249cf03ef3f79cf94dab8d1c2c4abf01b6a46f3df9081
                        • Instruction ID: ada3f1f6cf5a39c5392972d449ec44b5657d577dc3bfbadd3e8a1e81241dfd8d
                        • Opcode Fuzzy Hash: 0ac02774494e944f42c249cf03ef3f79cf94dab8d1c2c4abf01b6a46f3df9081
                        • Instruction Fuzzy Hash: B3215E31B046148FEB14DB78E88C97FBFB6FF84601B14896AE416C7256DF709801CBA1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e9bda8c0716486a6575168cf580f11baf9f7d26a6bf412146cc801e7da6c4d6e
                        • Instruction ID: fce4b5ae307ad4a11ef88e838aa76c723ccb55e0fbfdcc912688a9e306dc48b4
                        • Opcode Fuzzy Hash: e9bda8c0716486a6575168cf580f11baf9f7d26a6bf412146cc801e7da6c4d6e
                        • Instruction Fuzzy Hash: FC21D231B28244CFDF0977B4A41AA3A7EE3BB51706F04847EF443C6281DE258945EB62
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046420275.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_65b0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f56e54bc2ad9d7a14b869e62f4e4a29d790222906aa608e04b6d674cd86d6b78
                        • Instruction ID: 0b9f28c5412e8548b20e417ab1beb66114e63bfb5634e4a3d4368f34a5f90783
                        • Opcode Fuzzy Hash: f56e54bc2ad9d7a14b869e62f4e4a29d790222906aa608e04b6d674cd86d6b78
                        • Instruction Fuzzy Hash: 51215C35B400049FCB18DF69D994DA9BBB2FF88724F1180A5E9059F3A1DA31EC45CB10
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 75ac236e6ba8e376007b389d8945de9c95317037c03a8eaa9944e320769629d4
                        • Instruction ID: 1088a57a921686ec6666aed0a1f1771389ac560f0b42b38f029ce10187c2ff60
                        • Opcode Fuzzy Hash: 75ac236e6ba8e376007b389d8945de9c95317037c03a8eaa9944e320769629d4
                        • Instruction Fuzzy Hash: BF313E75A00105DFCF04DFA8D9849ADBBB6FF89314B248199E905AB365DB31ED06CFA0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 467ca698e37a7330ffd821a201ece479d6dc22b0eb2eb612ffa1efe14c04fc0a
                        • Instruction ID: 880552749220606c12bd6f9fc81827d291033fb449a31549b870513d9c08a22a
                        • Opcode Fuzzy Hash: 467ca698e37a7330ffd821a201ece479d6dc22b0eb2eb612ffa1efe14c04fc0a
                        • Instruction Fuzzy Hash: 6621C535B002019FDB14EF64D899F6ABBA6FB84220F04C875D9168B256DB70EC15C790
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c423ffdbc7927ce9b2df5fad0741caf39a18aef93eff3905e6381c193f7e2462
                        • Instruction ID: a17d09ec10dbd9f056c49430792256aa33c4118bd15a1607443b83366d9698f2
                        • Opcode Fuzzy Hash: c423ffdbc7927ce9b2df5fad0741caf39a18aef93eff3905e6381c193f7e2462
                        • Instruction Fuzzy Hash: 34310F74600205DFCF04DFA9D9849ADBBB6FF893147248199E9059B365DB31ED06CFA0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dbdd457ed0bb6f20a4cc4bc2b8444b0ae65598979108863156b9912495fe801d
                        • Instruction ID: c8d6b715efb70dd72b4640a5866da63d308a13d1348822bebeed09428efb6b50
                        • Opcode Fuzzy Hash: dbdd457ed0bb6f20a4cc4bc2b8444b0ae65598979108863156b9912495fe801d
                        • Instruction Fuzzy Hash: 6A21CA353002058FCB24DB6DD9C4E2ABBE6AFCC31475585A9E19ACF369DB35EC068B50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 53215ee33cbc2bd63f703a4df866ecc01f5a9038d68f7046e458f450c2a8a365
                        • Instruction ID: 7db346ed448172ca8366bc9d4382c749777d874ba26230e78024c86b14d4b511
                        • Opcode Fuzzy Hash: 53215ee33cbc2bd63f703a4df866ecc01f5a9038d68f7046e458f450c2a8a365
                        • Instruction Fuzzy Hash: 1F215E71B446119FEB18DF69D98CEAEB7AAFF84600B408568E516C7251DBB0D801CB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ed545328d72e4b8f5f12bc4d3436e0b36c830ee38b68651c8df7360736e577ed
                        • Instruction ID: 0e0c9418577b4389784c0b51225f27aaee9f9e29c06c01e30257bf19fed4da25
                        • Opcode Fuzzy Hash: ed545328d72e4b8f5f12bc4d3436e0b36c830ee38b68651c8df7360736e577ed
                        • Instruction Fuzzy Hash: 4021B0347046548FC715DB39D454A6ABFF6EF8921071488BDE459C7391CE30DC02DB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 72aa731707e886d5c16e7daef0642f952dddc431c1a2725d2b8dba84aa680d28
                        • Instruction ID: 253c9bef1882fbabdc5d12ceb92a08b867d43a36f54d84e7e181266e0ef219dd
                        • Opcode Fuzzy Hash: 72aa731707e886d5c16e7daef0642f952dddc431c1a2725d2b8dba84aa680d28
                        • Instruction Fuzzy Hash: 01212675E042199FCB14CBA9D989AAEBBF6BF8C200F148469E815F7351DB31A941CB60
                        Memory Dump Source
                        • Source File: 00000000.00000002.2046420275.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_65b0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cada5ee97446481f240e52b58eaf61c1da160a83b865d8eefdd1e524554833d7
                        • Instruction ID: a5d2841a5a02ea00cb8126d2c90bf6245af15a60f8a756c7930a6424e08d7f23
                        • Opcode Fuzzy Hash: cada5ee97446481f240e52b58eaf61c1da160a83b865d8eefdd1e524554833d7
                        • Instruction Fuzzy Hash: 8921A430B04508AFDB90AB69C9948BEB7FAFFC43207155569E5158B3A1DB30DC51CB91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2035197696.000000000275D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0275D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_275d000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 55d43d02583429ff2f665991f8f18be5acb6159aca06a859aad0bd0f94e67ae9
                        • Instruction ID: 0bd14fd30036adbd2c4bcdfdc576922cd0abbee282814687496633b2f35d921e
                        • Opcode Fuzzy Hash: 55d43d02583429ff2f665991f8f18be5acb6159aca06a859aad0bd0f94e67ae9
                        • Instruction Fuzzy Hash: 1321DEB1604244DFDB24DF24DAC4B26FBA5EF88314F20C569DC0E4B256C3BAD847CA62
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 46eaa9113875d09970d17f91950c3b0807db559f73f26187e1b2cfe819339085
                        • Instruction ID: 38bd11b8439c177d3ef91f6fc9d6162f069c479c2eba7b0405f69e3176a03bcb
                        • Opcode Fuzzy Hash: 46eaa9113875d09970d17f91950c3b0807db559f73f26187e1b2cfe819339085
                        • Instruction Fuzzy Hash: 8C21F379B005158FC704DF69D98885AFBB6FF89615B2540A9E906DB332CB30ED05CB60
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 178268fa9d55aa8bc7dfb5e6c52099f4178c9dc801150febdc1d2549d5828451
                        • Instruction ID: 0062b440fd06d65d2057e768c47be8b2b5f73966db2f0069137c06841dda9550
                        • Opcode Fuzzy Hash: 178268fa9d55aa8bc7dfb5e6c52099f4178c9dc801150febdc1d2549d5828451
                        • Instruction Fuzzy Hash: 6E11C1327006299BCB159B79E84897E7BEEEBC9261318843DE51AC3741EE31DC0687D0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6b7d25b447588a5cb4d2699c556b86d58777cfb7986da9c75ee7a0a3bcbb0579
                        • Instruction ID: 6db4f2ed8a7a840a28e3e1ddfb9c0818d40492a1034ff4af62f92e7ec1d55614
                        • Opcode Fuzzy Hash: 6b7d25b447588a5cb4d2699c556b86d58777cfb7986da9c75ee7a0a3bcbb0579
                        • Instruction Fuzzy Hash: 6A218E35300610AFCB15DB69D898D7ABFEAEF8D311B104469FA8687361CA36EC41CB60
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d8ccca32d049122e98a7b8c783259c8e94f5df171b88ea369302e9899a8160ca
                        • Instruction ID: 587c9eb2b41dceb57c31f7c3f16b8018b9d86dff4656fac3946e5387a118e4d4
                        • Opcode Fuzzy Hash: d8ccca32d049122e98a7b8c783259c8e94f5df171b88ea369302e9899a8160ca
                        • Instruction Fuzzy Hash: 1921AF30914709CFCB11EF64C959A9DFBB0EF45200F0545AAD441BB261EB30BA8ACF91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 60f3fd7c927aed94fe242d968c858a0f4f7e9973c6304a2c7fe44924e7ac669d
                        • Instruction ID: 479b1238d7b63e8b3663da1ba6cb19080b733f456cfcb0012d71a04202222733
                        • Opcode Fuzzy Hash: 60f3fd7c927aed94fe242d968c858a0f4f7e9973c6304a2c7fe44924e7ac669d
                        • Instruction Fuzzy Hash: B9211531754A058FC728AF29E89DA2A7BE2FB882117148568F51BCB750DF30EC169B50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4aff1ebe9a1e66856ab47230295bdb885f5389f790656480a508a77e3a04c84c
                        • Instruction ID: 34fc5ba01fc435e2114c4ce57951c421456e20350d819e685f06f28c593a59b7
                        • Opcode Fuzzy Hash: 4aff1ebe9a1e66856ab47230295bdb885f5389f790656480a508a77e3a04c84c
                        • Instruction Fuzzy Hash: BA11D271B001155BCF18EB68D881EBEBBF6EFC4210F508068D506AB394CF71AD098BE1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: eafcefafdc703fccaf4c58d3fd875f4f6a099f19d9fc011ced10cdf19a444683
                        • Instruction ID: 68bdac04e662a7213096e7ae179dea9586e8a38fe13f4da3a49c84f09a5c8eb0
                        • Opcode Fuzzy Hash: eafcefafdc703fccaf4c58d3fd875f4f6a099f19d9fc011ced10cdf19a444683
                        • Instruction Fuzzy Hash: B8112B312002048FC711EB68C994B5DBBB7EF84310F408979D5158F3A5DE70ED898BA0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 71c6e76fc83d01e0dcc2d533877e21add9ca02a14d6dfb04736e2527724c8fe8
                        • Instruction ID: 2d529ca423e799c075b55ba42cf25d404595ed07117cc88a9d648d24e22901ff
                        • Opcode Fuzzy Hash: 71c6e76fc83d01e0dcc2d533877e21add9ca02a14d6dfb04736e2527724c8fe8
                        • Instruction Fuzzy Hash: BF21A731A206099FCB159B68D449BAEBBB9FF89300F10C66DF546A7350EF70A844CB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d9acdb04748ca91d7455cbd1642de73c611807d6b6c6ec3843c6627f50adbe9f
                        • Instruction ID: e888363cafd11f0fb928df6dc2a35db10b92339e11b97135752cd31707096ede
                        • Opcode Fuzzy Hash: d9acdb04748ca91d7455cbd1642de73c611807d6b6c6ec3843c6627f50adbe9f
                        • Instruction Fuzzy Hash: 0221F831A042459FCF05DF68D880A9EFBB2FF81254B14C1BAD4499F256DB30E90ACB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e09935685224e568cff640b5bb04ba68551da85ee1841e2fab338870827d47f8
                        • Instruction ID: 9ecd58d004f9744039f135f4b238a36bcb7ecf6c8e2149de97a9c76e26478b89
                        • Opcode Fuzzy Hash: e09935685224e568cff640b5bb04ba68551da85ee1841e2fab338870827d47f8
                        • Instruction Fuzzy Hash: 57117F34700611AFDB189B38D498AAEBBA6FF84204754852DD40BCB7A1DF39EC12CBC5
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7132f537f54a1b029454e2e47aa75a70d4ac1c42787bf45e6b9321503f7b1d3f
                        • Instruction ID: e000e16e6900e55da2f4fcb1c52dc5ea570c9fc14379bd5b6d3d6ce4263d1ae4
                        • Opcode Fuzzy Hash: 7132f537f54a1b029454e2e47aa75a70d4ac1c42787bf45e6b9321503f7b1d3f
                        • Instruction Fuzzy Hash: 0111B475B002045BCF09EB689949FBEBFE6EFC8200B14846DE806DB385DE718D018B90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c38060c7a39a33845c5276a98f9d9ad020b77b201447c0dbe44dd3336003bb56
                        • Instruction ID: 66f0c5bb1774f1545964c4dd85fcf35d53500f9376795840993d5fd43ed8654a
                        • Opcode Fuzzy Hash: c38060c7a39a33845c5276a98f9d9ad020b77b201447c0dbe44dd3336003bb56
                        • Instruction Fuzzy Hash: 381190316046548FC325DF29C844946BBF6EF86314705896AE549CB762DA31FC4A8BD0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 29d15d3eb7894ce29aabff73b2b590d81aec7ce75b9e226ea5704250046598a1
                        • Instruction ID: 81bd9c128a86bd12d456ec841956661e35dc248791aa88053d0d9da4b53bf5bf
                        • Opcode Fuzzy Hash: 29d15d3eb7894ce29aabff73b2b590d81aec7ce75b9e226ea5704250046598a1
                        • Instruction Fuzzy Hash: 6B11AC70B001155BCF18EBA8D891EBEBBF6EFC4210F518568D106AB394DF71AD098BE1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fb6821c15c1b438c27160b5f2bd19655c135aab9e86d6e7df2912cfc3bcc67f3
                        • Instruction ID: 1b180d82603cc3f06a2d7a81b49b50ec6a9a9943401ca8e4c1a113b346a72173
                        • Opcode Fuzzy Hash: fb6821c15c1b438c27160b5f2bd19655c135aab9e86d6e7df2912cfc3bcc67f3
                        • Instruction Fuzzy Hash: A8212E31A0020ADFCB14EB65D989A6EFBB6FF84300B14C528D41A9B365DB35ED46CB61
                        Memory Dump Source
                        • Source File: 00000000.00000002.2035197696.000000000275D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0275D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_275d000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 122765488eda974f87413b5d3e45e4b80b41bb874c02e17035e3c6c34e1e0873
                        • Instruction ID: 06e3f5695221864cb4c31f7c93bbac4c55d633973a192673aebe650270defff5
                        • Opcode Fuzzy Hash: 122765488eda974f87413b5d3e45e4b80b41bb874c02e17035e3c6c34e1e0873
                        • Instruction Fuzzy Hash: 2C218E755083849FDB12CF24D994B15BF71EF46214F28C5EAD8498F2A7C37A980ACB62
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 913c05314f0f91ab050edfc38421ff662a0eacffa1766e42c5b837bbb7b5b967
                        • Instruction ID: b16e9881a8f816b494e9129a4fdd5a6ddee1877f7e6d3a014504c3b35f3339b1
                        • Opcode Fuzzy Hash: 913c05314f0f91ab050edfc38421ff662a0eacffa1766e42c5b837bbb7b5b967
                        • Instruction Fuzzy Hash: FF11C431B002049BCF08EB699994E7E7AE7EFC8210B10803DF506D7385CE718D019B91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 372b44209023ec8d065932c46b02448257ed4b3682a23a86609e490c9d361661
                        • Instruction ID: d5e11effe62c8e41b53680f8205b8dea59cbd0a4040553168f2a1a5fe7610403
                        • Opcode Fuzzy Hash: 372b44209023ec8d065932c46b02448257ed4b3682a23a86609e490c9d361661
                        • Instruction Fuzzy Hash: 78211471A106088BDB18DFA9D58A6DDBBF2EF4C311F14806AD406B7260EB71A994CF60
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cfe74728cc69556105ca85b6b2977b183b093d19a80162130c54e533ea4b76fc
                        • Instruction ID: 25f25e69c88a46a21fe38578e0c77862ff8442baad2cb488802595adf7db9d5a
                        • Opcode Fuzzy Hash: cfe74728cc69556105ca85b6b2977b183b093d19a80162130c54e533ea4b76fc
                        • Instruction Fuzzy Hash: 9B219631A246198FCF05EF78D8548DDBBB6FF89310F054266E401BB264EF70994ACBA1
                        Memory Dump Source
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f7016ca63c543f5748972b6a3b0e2290a043a177e2e7fb2c175b7de36a27ac66
                        • Instruction ID: a3042595bab22d95a46bfd2a9c79be42f06181359aceca1cb362087b388acbac
                        • Opcode Fuzzy Hash: f7016ca63c543f5748972b6a3b0e2290a043a177e2e7fb2c175b7de36a27ac66
                        • Instruction Fuzzy Hash: 36111575A442188FCB04DFA9C548AEDBFF6BF48300F5484A9D801BB251CB75AD40CBA4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5dce144d4e778eb30f1fa9b6d1ea79e9dadc5968985375e5e4be6f7c9d0518b3
                        • Instruction ID: aff34e64fa1fbe394319956c60817a6754c644d60ab8ebe0a785c786348bf8ba
                        • Opcode Fuzzy Hash: 5dce144d4e778eb30f1fa9b6d1ea79e9dadc5968985375e5e4be6f7c9d0518b3
                        • Instruction Fuzzy Hash: 9A0181313402008FDB55DF68E980BA6F7E9FB44215B0885B9D50ACB766CB61E8058B80
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 73bef891431cc2d6d57f998d60cc6b76945f0207cb61bc4e22c4c637ac70f89c
                        • Instruction ID: 2689b913d214898831a6838f713ca760681f3154085e634dce7e7ad214e99b81
                        • Opcode Fuzzy Hash: 73bef891431cc2d6d57f998d60cc6b76945f0207cb61bc4e22c4c637ac70f89c
                        • Instruction Fuzzy Hash: 4C01D631B003159BCF28AB75A514A6EBBF7FFC1621B04452DD50697240DF31EC4A8BE0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d9fdeb179d5621bf23ba889889f64a25f69524c39a3a0853b351075dcdec30cb
                        • Instruction ID: da24a27afd25cb3fe5425cdf5b76f1c128b611b044944c92671f963af7fa80cc
                        • Opcode Fuzzy Hash: d9fdeb179d5621bf23ba889889f64a25f69524c39a3a0853b351075dcdec30cb
                        • Instruction Fuzzy Hash: 56018135B042555F8B24DBAA9C48A3EBEE7FFC9250714442DE506C7340DF71AC068794
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1ae17bf51e4bd32847b8116ddbaae655163113a70f565c3d9c8bfe8d45de0dc6
                        • Instruction ID: 59cdf09a3d773d785bc7bb3b325106b2f1805061ec937afe61102d2381a04e0e
                        • Opcode Fuzzy Hash: 1ae17bf51e4bd32847b8116ddbaae655163113a70f565c3d9c8bfe8d45de0dc6
                        • Instruction Fuzzy Hash: F501A731A042545FCB119BB8D88CA9EBFF5FB49211F040169F145D73A2C731AD45CB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 037c5f111716d5085f89f497799eeffcf5d043638c6b29a2af5608f0ed1c2119
                        • Instruction ID: 5bbe9731126a86fdf83efe73c3cc31a1aaeea1fd9bc64417d8b5e5e27f78b13c
                        • Opcode Fuzzy Hash: 037c5f111716d5085f89f497799eeffcf5d043638c6b29a2af5608f0ed1c2119
                        • Instruction Fuzzy Hash: 2AF0C8357481145BDF647774E81EFBA7F9AF740750F14406AF5479B2C0DE6488418BE1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8d07a53ebdbad4f9f19f577fc1b24debe9d64d4461a07cbdf2dcbcc2626ec2b2
                        • Instruction ID: d1fe6049fd48c0eda8f83c0db69af557c9d80ac1cb2772005bcb5d9b8fc2dd9a
                        • Opcode Fuzzy Hash: 8d07a53ebdbad4f9f19f577fc1b24debe9d64d4461a07cbdf2dcbcc2626ec2b2
                        • Instruction Fuzzy Hash: 31017131D4822A9FDF10EB79DC05BAEBFF6BF48304F044564E421AA294CB789549DFA0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4e43e93bbbad675191665c36bc26b37be9f2aa5e807a77eedccf567fe8d19273
                        • Instruction ID: 0ec924f19d6657dea87c30b4b5998ea88b14217cb43e09562e8c591fca07b562
                        • Opcode Fuzzy Hash: 4e43e93bbbad675191665c36bc26b37be9f2aa5e807a77eedccf567fe8d19273
                        • Instruction Fuzzy Hash: 0701D871A042589BCF25CFA5C814AAEBFF6BF4C300F04446DE452A3250DF75E900EBA1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3132def448cb42e511be9aeba5edd3012b588ba396d02ff7c1c7a0ae587adc12
                        • Instruction ID: c9cd757843243c35745e53e381a28e1016c30bc6edbca7e9254ccb065195c568
                        • Opcode Fuzzy Hash: 3132def448cb42e511be9aeba5edd3012b588ba396d02ff7c1c7a0ae587adc12
                        • Instruction Fuzzy Hash: BFF03176E14129ABCF05DBA9DC05BEEBBFAEBD8710F14C026E215D2240EB3159128B90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8a115d2d36ec4316205c9bf1ae8787e278c2e37e27f8229610a1cde4bd72b459
                        • Instruction ID: 4a84926651e059648d6720c1d3ce3098a0c78c4876d86a4148ac164470e263f6
                        • Opcode Fuzzy Hash: 8a115d2d36ec4316205c9bf1ae8787e278c2e37e27f8229610a1cde4bd72b459
                        • Instruction Fuzzy Hash: 58F01232345114ABCB049A5AE889A9FBB9EEBD9261F548126F909C7611CE309D02C7A0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a0b7cde65cb2a2dc60d79071ee88ca7239e14582a60c1f68e9b15d09ec6adda4
                        • Instruction ID: dd69cc01a3c8fff43725955b35c4e78cbfde73c18c00d0a1ac7b05421baeb034
                        • Opcode Fuzzy Hash: a0b7cde65cb2a2dc60d79071ee88ca7239e14582a60c1f68e9b15d09ec6adda4
                        • Instruction Fuzzy Hash: 370156312006059FCB04DF19EA48E9ABBF6FF88310B55C469E40A8B735DBB0E9468B90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: debe6ee19ae59a1f6917279b2abe350bfc1f480978671ef801673833b4b29162
                        • Instruction ID: 86c9a122ef09cc8f912878ec42422dc0bf920c710123fb5726ed175f22f1121b
                        • Opcode Fuzzy Hash: debe6ee19ae59a1f6917279b2abe350bfc1f480978671ef801673833b4b29162
                        • Instruction Fuzzy Hash: 670149317053809FD72227B0549876ABFB3FB86314F9414ADF1868B6C2CA61684AD790
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1596fdd2e5156a8473eadc5602aa856bc0ad1a21ee7448595f88744940043671
                        • Instruction ID: 64174a4f319f024c919ffb61e7e75bfcff00b783f8e8fb2a37e9fe336e4c69f6
                        • Opcode Fuzzy Hash: 1596fdd2e5156a8473eadc5602aa856bc0ad1a21ee7448595f88744940043671
                        • Instruction Fuzzy Hash: 8C01817A6043459FCB02DF68E94989E7FB6FB89211705846AF84687362CA70CC16DB61
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cdf8c59fe670bcd952feea82ff439f10f254d935b22b5f8f2347f0f5859015c9
                        • Instruction ID: ba70e5bb4430e9e8eaa5c9481905b79e31223aefbc7bc72edea89e804a7d1acf
                        • Opcode Fuzzy Hash: cdf8c59fe670bcd952feea82ff439f10f254d935b22b5f8f2347f0f5859015c9
                        • Instruction Fuzzy Hash: 24018F31E0821E8FDF10EBA9DD05BEEBBFABF48300F004565E421A6294CB785545CFA1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bed51cb5d8f737d6bba70c06efadde27ff3bfc4f6da4db2079a1728df6ad5560
                        • Instruction ID: a8710db85a62c545f1ce2846bc4e752780fa9a4d6578c8e3ec787ec6f1f58c42
                        • Opcode Fuzzy Hash: bed51cb5d8f737d6bba70c06efadde27ff3bfc4f6da4db2079a1728df6ad5560
                        • Instruction Fuzzy Hash: 36F096367102105BCB109A2DD495E6EBFEEEBCC260715C01AF909C7315DF70ED025A90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6564f601a453359348b71ac25a010f569c24d5cd9d475e2a5561ff90b4e55d77
                        • Instruction ID: 30a81bde1f8e18f0eccbaf5f3a165f5b0e48ec26948af483c20699ac79d7e750
                        • Opcode Fuzzy Hash: 6564f601a453359348b71ac25a010f569c24d5cd9d475e2a5561ff90b4e55d77
                        • Instruction Fuzzy Hash: 3BF0F4316002108FCB20DB24D980B66F7AAFF81314F488A7CC50A8B795CB70FD0ACB90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 093ecc13197fbeb2b159139c90065365ee57d9dbd48e2b7de56770bb5e70f4a1
                        • Instruction ID: ebd545bb36814a57e8ebe90cb8bd2bdb0efe89692c8f4533b653a558faeeab65
                        • Opcode Fuzzy Hash: 093ecc13197fbeb2b159139c90065365ee57d9dbd48e2b7de56770bb5e70f4a1
                        • Instruction Fuzzy Hash: 06F0A4357106155BCB24EB65A489BBEBBF7FBC0661F048528E517872C0DF719806CBA0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 90bec0febc7ec96e48018fffe664c0c64e390089acb5d07a489139d29cb3fe4d
                        • Instruction ID: f6072a1f09127a719bcd37eb9b3ca08c927a44d40598ac4327e3a7c246d483fc
                        • Opcode Fuzzy Hash: 90bec0febc7ec96e48018fffe664c0c64e390089acb5d07a489139d29cb3fe4d
                        • Instruction Fuzzy Hash: 9E019270D081598AEB50DBA5C4087BE7FB2FB46300F4540A9E812AB296CF796146DBA5
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3ecdac3547d1b330b5f72f798df9e7ca41292103f034655b2a548ec94e827aa7
                        • Instruction ID: 032b4c80430e5e6eafe8e99708d3965345a7608ccbbcd38d09827400727c2080
                        • Opcode Fuzzy Hash: 3ecdac3547d1b330b5f72f798df9e7ca41292103f034655b2a548ec94e827aa7
                        • Instruction Fuzzy Hash: A0F05E2611A7A01FC706963CE8626943F74DE47225B1940D7E681CF273DD58EC4E8799
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9dd5d028e2844c4e399ce4a21086b43f5518979aa715f44047868184cb78585f
                        • Instruction ID: f20b28778487458c60e491d290594bc5a6434539dcbfc5eb036ed4b2830f741c
                        • Opcode Fuzzy Hash: 9dd5d028e2844c4e399ce4a21086b43f5518979aa715f44047868184cb78585f
                        • Instruction Fuzzy Hash: 0401F676A00125AFC715CF4CD985DAAF7A9FF48321705C566F948DB301DB30EC428B90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c700af09ded32df756151c7dc6c2d813f2f1896de15d56a4e3d81341223e9e5f
                        • Instruction ID: dc9c9c836ccac2978d8d0be36e64961f05c2181425e352899c87060e9069b099
                        • Opcode Fuzzy Hash: c700af09ded32df756151c7dc6c2d813f2f1896de15d56a4e3d81341223e9e5f
                        • Instruction Fuzzy Hash: BE01D470E482199FDB11EFA8E41576E7FF2BB05308F0044ADD052976C1DB780505DFA2
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 72309ba1f34df7f774d21929ebd612b8896c267c5307adc9e26722eeb984ff5d
                        • Instruction ID: 85afba478cc3ea6f4e4e377611cc0bffe1c4609fa3a0359cf2baa81f499902fd
                        • Opcode Fuzzy Hash: 72309ba1f34df7f774d21929ebd612b8896c267c5307adc9e26722eeb984ff5d
                        • Instruction Fuzzy Hash: 40F0C231254200CFCB258B68E04D6A8BBF7FF8921570A00AEE04ACB7A1CB71DC02CB40
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0cd8123f10fd365f89220d738410b578dfa6b1c78ef078f1ead59289d0fa165a
                        • Instruction ID: 3ba421474cec6f3d75086f825ff9f13ad4bb9b9224d2005399f7a8916483976a
                        • Opcode Fuzzy Hash: 0cd8123f10fd365f89220d738410b578dfa6b1c78ef078f1ead59289d0fa165a
                        • Instruction Fuzzy Hash: E90146302006058FC754DB19D948D9AFBF6FF88710B55C469E80A8B725DBB0E9458B90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e59b2f470e169f0a4bc5f7e7f0d985aa1be7391a3b5392db8e8e1b02f4efbb9c
                        • Instruction ID: 343f46cea4166c0620983c2a1e990ad1a8439d86c2a663fd810b5a0bfc1fa36e
                        • Opcode Fuzzy Hash: e59b2f470e169f0a4bc5f7e7f0d985aa1be7391a3b5392db8e8e1b02f4efbb9c
                        • Instruction Fuzzy Hash: CCF0C236604214DFCB14AA64E506AAEBFB0FF45215F54C46DD95B87A40C721E892C791
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c2dcf3cfe8873bc821bbf8fc2c5e0df42ac63cf2945bae1c403b5aebb96a6d7f
                        • Instruction ID: 3cc7b772de8aaa1a26d7e160dce6e8c5bbae34bff0d8f5c63dd9594a0452d291
                        • Opcode Fuzzy Hash: c2dcf3cfe8873bc821bbf8fc2c5e0df42ac63cf2945bae1c403b5aebb96a6d7f
                        • Instruction Fuzzy Hash: 74F024767469904FD305DB2CD8A0E66BFE4EF8C30071444AAE6D2C7361C536E841CB64
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dddde9dbf44415acee6e4b6c4ad3c0c44260106b63f8246c051008490ec97f06
                        • Instruction ID: 17448c4b3daf7f1658ed0da9bf5b8673a05cd6ad8848025dd8a53ca20638acfa
                        • Opcode Fuzzy Hash: dddde9dbf44415acee6e4b6c4ad3c0c44260106b63f8246c051008490ec97f06
                        • Instruction Fuzzy Hash: 3FF01D357406158FCF15DBA8E459AAC7BB2FB88221B1501A5E5069B360DF31ED46CF90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2344c2a8922485c3afedec1734b9723704021fadeb98aa853ee7981d1b19f501
                        • Instruction ID: ee25c9d234208584451097f7c4654286771cb85f380c2d1a9af2e5925b83fa1c
                        • Opcode Fuzzy Hash: 2344c2a8922485c3afedec1734b9723704021fadeb98aa853ee7981d1b19f501
                        • Instruction Fuzzy Hash: 95F03C762146109FC325CB29D888A6ABBF6FF89711B0944AAF946C7671C771FC41CB50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bcec00abc358b20aa0033db2eb26f4cb22625642dabab84015aa48136eaefd70
                        • Instruction ID: 6d3519b67ea6b2d521ca482fd8d851f4220c0970c0f7eed4a4e73a39baa7791d
                        • Opcode Fuzzy Hash: bcec00abc358b20aa0033db2eb26f4cb22625642dabab84015aa48136eaefd70
                        • Instruction Fuzzy Hash: E901E831640B04DFC324DF2AC984957FBF5EF88310B008A6AE54A87775DA71F8498B90
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d8d0050c417c357b11e3d33a9a8050bd17d34679ff7d7e20461324928629904a
                        • Instruction ID: dba7c4eb474c04d89f4b07bfcc85e9bd4abd5761e946b847e00543faafa8316c
                        • Opcode Fuzzy Hash: d8d0050c417c357b11e3d33a9a8050bd17d34679ff7d7e20461324928629904a
                        • Instruction Fuzzy Hash: BAF0A7376192645FD710EB7CEC1A7897FB8EF4A214F0800A6E485CB662E925D845C7A2
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f16863a01b60e579fcfd28d4357f8fbd0d5842e7d07eec04241e87fc70922ceb
                        • Instruction ID: 69eb72ab22981aa5969455bb452fa5bd967e95649f6f5de5d089a86d5d6c924d
                        • Opcode Fuzzy Hash: f16863a01b60e579fcfd28d4357f8fbd0d5842e7d07eec04241e87fc70922ceb
                        • Instruction Fuzzy Hash: 7DF03C322402005FC725EB28D94086EFBA6EFC53107408A7DD10A4B768DF71F98A8BD4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b5b7f01c766fec791de35855a87ddb708d510dd68efabc7c4c2ed7ed564884f8
                        • Instruction ID: 99a5a1212027c811b1ef704a33cd3bed77725c350eaf92019109da3f8a0bbe61
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ed35fe6aadd32b46b9c95f991e4c1cfcb5d437277cb83bd71c98f4a960bf7e33
                        • Instruction ID: 3f660bbf470831c8cb01839efb521e3fcf04524d985ef03524af9c126dc62757
                        • Opcode Fuzzy Hash: ed35fe6aadd32b46b9c95f991e4c1cfcb5d437277cb83bd71c98f4a960bf7e33
                        • Instruction Fuzzy Hash: D6E0DFA3C0D3E04FD3274F244C50B927FB4EFA2240F8B00E78482CB193E508D80A8322
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c8c83b078def7bff1d78e068642d708d470354c309edd42a5a37ec65776e9eed
                        • Instruction ID: 88aa1893f0babe3c953eafa87567f505002e7475b9c4dcfb7e1b7eab28186a83
                        • Opcode Fuzzy Hash: c8c83b078def7bff1d78e068642d708d470354c309edd42a5a37ec65776e9eed
                        • Instruction Fuzzy Hash: 8DE09230A44B0ACFDB20DF60C009AADBBB1AF49300F25099AD44266291CB312AC1EF91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f0cd1b5a37c7434dd088257b0ebae1ee253c5493b1893152080a426a9d023018
                        • Instruction ID: ed93845be2f01a0b68591d20f66cd74c2ef487efb51a82d92f59e0b597f1c7c9
                        • Opcode Fuzzy Hash: f0cd1b5a37c7434dd088257b0ebae1ee253c5493b1893152080a426a9d023018
                        • Instruction Fuzzy Hash: 6FE0C2367001089FC710AA79EC0EB893FA9EF09655F0000A5FD0AC7251DA31DD50CBD2
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a3b90068de1c2c7706eda81583861bc43acb723b9606048859f6c6989b93a122
                        • Instruction ID: 0195094cacf4139dd59da0614faf21d3cf6adcffd293d188c32be8e0597c0d92
                        • Opcode Fuzzy Hash: a3b90068de1c2c7706eda81583861bc43acb723b9606048859f6c6989b93a122
                        • Instruction Fuzzy Hash: 0AD012357105188B4604561EE41985EFBDFEFC9A1131540A6F505C7321DEA1DC0246A4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: eea2f8b8247d24a1db5494b66f54f9231279aaf2935f03cc2e65efed34b24b16
                        • Instruction ID: c44cf5581837cd9a5a6df1e1d2df1294f1a1f8b9aa70e1b37d485765a09bced3
                        • Opcode Fuzzy Hash: eea2f8b8247d24a1db5494b66f54f9231279aaf2935f03cc2e65efed34b24b16
                        • Instruction Fuzzy Hash: 88E0C2F69067944FD7A24AA0960D3A27B62BB09520F8A298FF895C7651DA2464028B26
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cf749104ff905ed23235b3ca588475830577def481c6ec7180476a4d22d676f6
                        • Instruction ID: b4fcea58f1260457a0ef3a40042beabd30d090d2c8d6c325f757b753a279d8ee
                        • Opcode Fuzzy Hash: cf749104ff905ed23235b3ca588475830577def481c6ec7180476a4d22d676f6
                        • Instruction Fuzzy Hash: B7E01739340A088FCB10EB68D558C6EBBF6EF88705304885AF14BCB770DA75EC458BA0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e8072de6ff18a16628f3055e3cfaa936341220936bea034ffc764e72f60775b5
                        • Instruction ID: eb27fcce8271d707c550d760e897668d210d0ce229f3b64381318dccf8a7bc10
                        • Opcode Fuzzy Hash: e8072de6ff18a16628f3055e3cfaa936341220936bea034ffc764e72f60775b5
                        • Instruction Fuzzy Hash: ABE08C353006148FC700EB68D448C6ABBE9EF88714304486AF10AC7330CAA1EC418BD0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b79e6462fd1684702ee4d1c8ab7135fc38ffd6f1078693adf228369e29246800
                        • Instruction ID: 3e57a88747888019901f81932a71309cdcbfa281ab2a2afddfdc66d54e331d1b
                        • Opcode Fuzzy Hash: b79e6462fd1684702ee4d1c8ab7135fc38ffd6f1078693adf228369e29246800
                        • Instruction Fuzzy Hash: 92E01A30D0020CAFCB44EFA8E4404ADBFB6EB85300F0081FDE409A7354DA302A088F81
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4b8e3b126432f826bb84c7e521b453e70f6c019a5e0aef48ca10876b9b58c4cf
                        • Instruction ID: b5ab68b2b8c4f6c1d9d9527f1804daebe5d40d34f494caa75e3d71162520f34c
                        • Opcode Fuzzy Hash: 4b8e3b126432f826bb84c7e521b453e70f6c019a5e0aef48ca10876b9b58c4cf
                        • Instruction Fuzzy Hash: 7EE04F70C0625D8FCB44DFFD84416ADBFF1AB08204F2055E9C848E3305E2304650CF81
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2eed966617415cad3628c7ea03e46f7d6dcad9aa98c699b7001f068af7e8cb7c
                        • Instruction ID: edf516be0b852aa34b6f8200f532b91ece145c90924fa5e149358c3487ced407
                        • Opcode Fuzzy Hash: 2eed966617415cad3628c7ea03e46f7d6dcad9aa98c699b7001f068af7e8cb7c
                        • Instruction Fuzzy Hash: 96D05E327100209F87049F5EE5048AABBEFDFC962132540ABE109C7322CE71EC03C7A0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0149874d21b62d282611f676abecd8af44228683840c8d888c4906f43bf3e8db
                        • Instruction ID: d5f9558cce8515333abefce3ba75b1ecbf4df924d408eedd2f2a2f8e334c617b
                        • Opcode Fuzzy Hash: 0149874d21b62d282611f676abecd8af44228683840c8d888c4906f43bf3e8db
                        • Instruction Fuzzy Hash: C2E0E535A10129CFCF609F80E895B9DBF31FB48311F5080A5E94AA3210CF315D96CF50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a9f5a2c58fcc2f5d55215f06072a964eeb3c23feb6ef5d886dea702f80df4936
                        • Instruction ID: 74df994520c9f91701fbb889c8431b4c7312c4b384b828ea78e0ccbe38065843
                        • Opcode Fuzzy Hash: a9f5a2c58fcc2f5d55215f06072a964eeb3c23feb6ef5d886dea702f80df4936
                        • Instruction Fuzzy Hash: 02D02B71F0A3810F8303D76C62544127FF19E4710034A00D3C498DF24ADE20CD444755
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 89d381757322d6f1d1d7495342bd259333b1c2b128b9ce738c28d523b56a5501
                        • Instruction ID: 8a7d51165ae5e42dbe466cb04ea3caa66f81cca58d997f2c20891b0652e1e96f
                        • Opcode Fuzzy Hash: 89d381757322d6f1d1d7495342bd259333b1c2b128b9ce738c28d523b56a5501
                        • Instruction Fuzzy Hash: BAD0A731544108B7CB40D9B8C9567997B7ED785110F408299D94896200DC21EE156592
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 56ffc7c534aba930b11a0eee752f917ca7357b8b4ac31c9d81ed8c91676c4ad0
                        • Instruction ID: 1b6a35f8e332e208b861b3297c9ec00ba29f1056f9afa87856c7c43b1159bebe
                        • Opcode Fuzzy Hash: 56ffc7c534aba930b11a0eee752f917ca7357b8b4ac31c9d81ed8c91676c4ad0
                        • Instruction Fuzzy Hash: C2E09274E05208AFCB44EFA9E44549DFFF4AB88200F00C1AA9818E3300EA349A018F80
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045176249.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ab0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4171ac1b7cb1be09d1053f6a8bd81a002b724ac06ea8a73d1e76fe2d92011d1a
                        • Instruction ID: 8ddaa0efbf5940b13b1282bf1c2841b1a5744f5881e14211e8f84b1fe9cdf2b5
                        • Opcode Fuzzy Hash: 4171ac1b7cb1be09d1053f6a8bd81a002b724ac06ea8a73d1e76fe2d92011d1a
                        • Instruction Fuzzy Hash: D8D05E72204105CFE708EF20E494BA9BBE4EF04701F190E2DE482CB294EF31D946CB91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: aecf33fa43bdd0eaa1428c742ea415810c8d94c555981588885cd6aa2b2d1f70
                        • Instruction ID: 144858815fb78609e1a8bb2d5b1acdb06156e6382ce8c0c7f4f837ed5eb85f14
                        • Opcode Fuzzy Hash: aecf33fa43bdd0eaa1428c742ea415810c8d94c555981588885cd6aa2b2d1f70
                        • Instruction Fuzzy Hash: B5E08C70648808CBDF18EF28E18871A3FF2FB88319F00C19CE4064B248DF3498829F80
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f8f19d236c3ffe331ac5bdf7c019381cb5def5c78e4584fd2c821a0d6d87f055
                        • Instruction ID: e7a774bba372ae85145136c7db23018c675c3bf6fa0ed5a85c2684d5a7b50bfc
                        • Opcode Fuzzy Hash: f8f19d236c3ffe331ac5bdf7c019381cb5def5c78e4584fd2c821a0d6d87f055
                        • Instruction Fuzzy Hash: ABD0A53241060DCFC3407754DC45EE87774F721310F40555DE10556111FB24D555C7B3
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 37f92494b6f344975842e2d9901c8682ab392a6006e898d852fdfc9457a945d9
                        • Instruction ID: dc60f7ba5b0f69f71a04681ed0bec00945ce089fd486ca7dda095fd3f349f895
                        • Opcode Fuzzy Hash: 37f92494b6f344975842e2d9901c8682ab392a6006e898d852fdfc9457a945d9
                        • Instruction Fuzzy Hash: ACD0A7343102109FC200971CD405D967BE9EB49A21B00809AF905CB360CFB1EC0087C0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 38142383fff128a63e9e55c9cff32f0a0239443e9dec20fb223f0c5fdfbb2421
                        • Instruction ID: 83126d2946c12f829ec404b96a1ea5cfa80eddc6566105e7051c8ce4a7420b7b
                        • Opcode Fuzzy Hash: 38142383fff128a63e9e55c9cff32f0a0239443e9dec20fb223f0c5fdfbb2421
                        • Instruction Fuzzy Hash: 9AD02230B0570A1B0310B66CB000C6277EEDF8B02038001A2D80CCB304EFA0EC404394
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ed6a46a1e503befa32b2cf642e958d80b553c3cb3ea1a6a309bdb416fe92ba35
                        • Instruction ID: d98e11928bc2fdb21c19987c51bd1d6e3bbd58fd77417db73efdadacf429e110
                        • Opcode Fuzzy Hash: ed6a46a1e503befa32b2cf642e958d80b553c3cb3ea1a6a309bdb416fe92ba35
                        • Instruction Fuzzy Hash: 9BD0C931260A248FC705AB6CE4448997BE9EF4966531041AAF616CB335DFA1EC008BC4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e370d2d671787c47c6161c7bceaac4eb6a5fae18da639af51a4296f64a40d700
                        • Instruction ID: 5b74903c5da29313b2985e90e4ea42628b635941d7e3385dfacaae34bce9fd8c
                        • Opcode Fuzzy Hash: e370d2d671787c47c6161c7bceaac4eb6a5fae18da639af51a4296f64a40d700
                        • Instruction Fuzzy Hash: 09D012B100B2508FC7630A30BC5A488BF33DB0B15435B54D7D4419B692C5338C878755
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a6d118cfdd98ebe1f5b187f280167cd251a2c317b1e658c04cfe46eba62113e4
                        • Instruction ID: 6ace125bbf522b7c73f59400e428db76eff8e0740bd3229afa2011cdd42445be
                        • Opcode Fuzzy Hash: a6d118cfdd98ebe1f5b187f280167cd251a2c317b1e658c04cfe46eba62113e4
                        • Instruction Fuzzy Hash: D5D0A729A441008FDF17B324880DF2D69FA7781284F840199C06397244EA25CA02CB61
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fd82f602d2aca77f7db31eb6e1224b722e1ee9f57dfc9dbe25152d6a945c5602
                        • Instruction ID: 0017507c164d56596cf3aeca4c64a88d2ae472d9c6ccf95255496944c6138c0f
                        • Opcode Fuzzy Hash: fd82f602d2aca77f7db31eb6e1224b722e1ee9f57dfc9dbe25152d6a945c5602
                        • Instruction Fuzzy Hash: C7D0A7315016188FC7605554D1087A6B7DAF708630F44155EFC4582500CE6074508B84
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e712a1d1da6e31e0f7390147dc4e51a93a261a6c253ddf1c7eb4ee0b14bc4649
                        • Instruction ID: 94eddce38566c61b59caebcfbdfb94f487aa531fb753cabfb2cade8446009233
                        • Opcode Fuzzy Hash: e712a1d1da6e31e0f7390147dc4e51a93a261a6c253ddf1c7eb4ee0b14bc4649
                        • Instruction Fuzzy Hash: BAD0C972850609CED710BA64EB54B597B29BB12301F008A5EE445BA255EB31D269CB51
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7346c76e5c50c669db7bc4ce4ee0522583742d4236ce1ed184e23f5892795fa5
                        • Instruction ID: 854d71b7ea2edf97cff9ca5dfdcaf78f42fa3274151024faadda73c78f0a3288
                        • Opcode Fuzzy Hash: 7346c76e5c50c669db7bc4ce4ee0522583742d4236ce1ed184e23f5892795fa5
                        • Instruction Fuzzy Hash: 79C02B3022850D4BDF001FF0780E72E7B5CEF48713F040021F00EC1180DE14D4029550
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045821162.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b40000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e57f76652c9f2b63db44a42bc9b5d155ba34d577ba09cc8ee7cc3a4b47f7ee77
                        • Instruction ID: aee8be07b45a10a3e1f33ead5575fc46a4344fb94243c60d68694c6d39e38a6c
                        • Opcode Fuzzy Hash: e57f76652c9f2b63db44a42bc9b5d155ba34d577ba09cc8ee7cc3a4b47f7ee77
                        • Instruction Fuzzy Hash: 5BC08C30190108CFCB10ABE8F00DCB93BAAFF8822931040E5F62C87631EB22EC018A50
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 48231c1443649446a9a251e937388ce6677eb9a2df6d0a0947666a6fb91df0b4
                        • Instruction ID: 58d8be14a47f110018254833af2758f2468d721afc639e96c1aade29c7bbc83b
                        • Opcode Fuzzy Hash: 48231c1443649446a9a251e937388ce6677eb9a2df6d0a0947666a6fb91df0b4
                        • Instruction Fuzzy Hash: 0AC08C30124002C6FF101B90BB1AB2D3A1AEF08713F080019F91AE42C0CF10C0168512
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045615230.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5b10000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ad0f032796082d1e209d8d5522eb1b94a68ad7a795e05e0f3de1cee3e651a31f
                        • Instruction ID: 49459e1aa662b103ecae5553552a0ed6c6417294b3254c47abd014339e9f3af9
                        • Opcode Fuzzy Hash: ad0f032796082d1e209d8d5522eb1b94a68ad7a795e05e0f3de1cee3e651a31f
                        • Instruction Fuzzy Hash: 1BC08C7004E2C14FC3039FA0891C2C03F703F63294F2B1283C094CA283DA12042BCB3A
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9ee7928bb9c07c9e6beb19b8885b60522faa04de63bb9f1db7ab80681e062af8
                        • Instruction ID: 3cab7f8cdd405d95fd5b370b214ba597f8208ddf83cfb8ed796f4c5829ef4d06
                        • Opcode Fuzzy Hash: 9ee7928bb9c07c9e6beb19b8885b60522faa04de63bb9f1db7ab80681e062af8
                        • Instruction Fuzzy Hash: 07C0123285070D8EC700BAA8E408898BFB8BB15300B008A2AE4452A202EF30A1A9CB91
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045431315.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ae0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f1f6648560e8bac819d8ec9b953b9092e794f005d5cc88d1faaf8c442003836d
                        • Instruction ID: 7966287ce463e8d5b04d3000ce67bf4ad04cd72514606d55d9d9568eaf4e2146
                        • Opcode Fuzzy Hash: f1f6648560e8bac819d8ec9b953b9092e794f005d5cc88d1faaf8c442003836d
                        • Instruction Fuzzy Hash: 11C0123145070C8EC740BA68D4048987B78BB15201B40511AD44526111EF30A5A9C791
                        Memory Dump Source
                        • Source File: 00000000.00000002.2045314433.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5ad0000_Setup_latest.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 97f078c91e9dbaed0595d9949a2eb2d0776e456a3f184c7339fb962ac44f1531
                        • Instruction ID: 05d62823d8ec322bf2d825fcb650ae916a03878f94dee784fc485689beac00bb
                        • Opcode Fuzzy Hash: 97f078c91e9dbaed0595d9949a2eb2d0776e456a3f184c7339fb962ac44f1531
                        • Instruction Fuzzy Hash: CFB0021652010487DF047934D9DB72C6F21A7C4696F4C9A545009C5253C91CD405BF56